[Full-disclosure] Windows Command Processor CMD.EXE Buffer Overflow
Dave "No, not that one" Korn
davek_throwaway at hotmail.com
Wed Oct 25 14:09:14 BST 2006
Peter Ferrie wrote:
>>> file://
>>> ?
>>
>> OK, I'll bite. Why are file:// URLs relevant to the discussion?
>
> It allows arbitrary data to be passed to CMD.EXE, without first
> owning the system.
No it doesn't. It passes arbitrary data to the Windows GUI shell exec
function. It doesn't invoke cmd.exe. Unless you have an actual working
example?
cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.