[Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Tillmann Werner
tillmann.werner at gmx.de
Mon Oct 23 17:07:04 BST 2006
Luis,
> Tried it on Win2k3 SP1:
> C:\Documents and Settings\Administrator>%COMSPEC% /K
> "dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>A AAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>A AAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
> System replied:
> The filename or extension is too long.
>
>
> YEah! Buffer Overflow Windows XP SP2
>
> I Hill debug this.
What makes you think there is a buffer overflow? I'd say the 'dir' command
reports an error for parameters beyond 256 chars. Just plain error handling,
not a security issue, or am I missing something?
Tillmann
Full-Disclosure is hosted and sponsored by Secunia.