mailing list archives
Re: Windows Command Processor CMD.EXE Buffer Overflow
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 24 Oct 2006 10:44:23 +1300
Brian Eaton wrote:
Is there a reason that a buffer overflow in cmd.exe matters?
If the attacker is sending arbitrary input to cmd.exe, haven't they
owned the box anyway?
Without trying to test anything, it just may be exploitable via a
"shortcut" file or a Packager "package", either embedded or in the form
of a standalone (.SHS or similar) file. If so, that potentially opens
up a few "assisted remote" (i.e. the user has to double-click an
attachment, click a URL link, etc) exploit options...
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: Windows Command Processor CMD.EXE Buffer Overflow Nick FitzGerald (Oct 23)