Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows Command Processor CMD.EXE Buffer Overflow
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 24 Oct 2006 10:44:23 +1300

Brian Eaton wrote:

Is there a reason that a buffer overflow in cmd.exe matters?

If the attacker is sending arbitrary input to cmd.exe, haven't they
owned the box anyway?

Without trying to test anything, it just may be exploitable via a 
"shortcut" file or a Packager "package", either embedded or in the form 
of a standalone (.SHS or similar) file.  If so, that potentially opens 
up a few "assisted remote" (i.e. the user has to double-click an 
attachment, click a URL link, etc) exploit options...


Nick FitzGerald

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]