[Full-disclosure] Windows Command Processor CMD.EXE BufferOverflow
Brian Eaton
eaton.lists at gmail.com
Tue Oct 24 00:46:41 BST 2006
On 10/23/06, Peter Ferrie <pferrie at symantec.com> wrote:
> > > file://
> > > ?
> >
> > OK, I'll bite. Why are file:// URLs relevant to the discussion?
>
> It allows arbitrary data to be passed to CMD.EXE, without first owning the system.
You're telling me that a web page I view in IE can do this?
cmd.exe /K del /F /Q /S C:\*
Forgive my skepticism. Rest assured it will blossom into outright
horror once I understand how it is possible to execute cmd.exe from an
HTML document.
Regards,
Brian
Full-Disclosure is hosted and sponsored by Secunia.