Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Windows Command Processor CMD.EXEBufferOverflow
From: "Dave \"No, not that one\" Korn" <davek_throwaway () hotmail com>
Date: Wed, 25 Oct 2006 14:09:14 +0100

Peter Ferrie wrote:

OK, I'll bite.  Why are file:// URLs relevant to the discussion?

It allows arbitrary data to be passed to CMD.EXE, without first
owning the system.

  No it doesn't.  It passes arbitrary data to the windows gui shell exec 
function.  It doesn't invoke cmd.exe.  Unless you have an actual working 

Can't think of a witty .sigline today.... 

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]