Full Disclosure: Re: Windows Command Processor CMD.EXE BufferOverflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Windows Command Processor CMD.EXE BufferOverflow

From: "Peter Ferrie" <pferrie () symantec com>
Date: Mon, 23 Oct 2006 14:58:18 -0700

file://
?


OK, I'll bite.  Why are file:// URLs relevant to the discussion?


It allows arbitrary data to be passed to CMD.EXE, without first owning the system.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Re: Windows Command Processor CMD.EXE Buffer Overflow offset (Oct 23)
- Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
  - Re: Windows Command Processor CMD.EXE Buffer Overflow Thierry Zoller (Oct 23)
    - Re: Windows Command Processor CMD.EXE Buffer Overflow Brian Eaton (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Peter Ferrie (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Matthew Flaschen (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Brian Eaton (Oct 23)
    - Re: Windows Command Processor CMD.EXE BufferOverflow Debasis Mohanty (Oct 23)
    - Message not available
    - Fwd: Windows Command Processor CMD.EXE BufferOverflow Mark Senior (Oct 24)
    - Re: Windows Command Processor CMD.EXEBufferOverflow Dave \"No, not that one\" Korn (Oct 25)