[Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Nick FitzGerald
nick at virus-l.demon.co.uk
Mon Oct 23 22:44:23 BST 2006
Brian Eaton wrote:
> Is there a reason that a buffer overflow in cmd.exe matters?
>
> If the attacker is sending arbitrary input to cmd.exe, haven't they
> owned the box anyway?
Without trying to test anything, it just may be exploitable via a
"shortcut" file or a Packager "package", either embedded or in the form
of a standalone (.SHS or similar) file. If so, that potentially opens
up a few "assisted remote" (i.e. the user has to double-click an
attachment, click a URL link, etc) exploit options...
Regards,
Nick FitzGerald
Full-Disclosure is hosted and sponsored by Secunia.