lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Oct 2006 18:37:00 -0500 From: "Randall M" <randallm@...mail.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: Windows Command Processor CMD.EXE Some how I missed the thread here but not anymore. Any talk on the side about this Please add me to the CC. Thank You Randall M ===================== "You too can have your very own Computer!" Note: Side effects include: Blue screens; interrupt violation; illegal operations; remote code exploitations; virus and malware infestations; and other unknown vulnerabilities. [------------------------------ [ [Message: 2 [Date: Mon, 23 Oct 2006 20:38:11 -0700 [From: "Debasis Mohanty" <debasis.mohanty.listmails@...il.com> [Subject: Re: [Full-disclosure] Windows Command Processor CMD.EXE [ BufferOverflow [To: full-disclosure@...ts.grok.org.uk [Message-ID: [ <bb5da2a80610232038t6606700dy41cfd943b49bff24@...l.gmail.com> [Content-Type: text/plain; charset=ISO-8859-1; format=flowed [ [>> Matthew Flaschen <matthew.flaschen@...ech.edu> to Peter, [>> full-disclosure Aren't cross-zone urls disallowed by [default, though? [ [I agree with Matthew & Brian. If cmd.exe can be run from a [browser using file:// irrespective of cross-zone security [boundaries then there are *much* other urgent things to be attended. [ [However, there are other attack vectors out of which few are [already mentioned by Nick. This can definitely be exploitable [in conjunction with other attack vectors. [ [regards, [-d [ [On 10/23/06, Brian Eaton <eaton.lists@...il.com> wrote: [> On 10/23/06, Peter Ferrie <pferrie@...antec.com> wrote: [> > > > file:// [> > > > ? [> > > [> > > OK, I'll bite. Why are file:// URLs relevant to the discussion? [> > [> > It allows arbitrary data to be passed to CMD.EXE, without [first owning the system. [> [> You're telling me that a web page I view in IE can do this? [> [> cmd.exe /K del /F /Q /S C:\* [> [> Forgive my skepticism. Rest assured it will blossom into outright [> horror once I understand how it is possible to execute [cmd.exe from an [> HTML document. [> [> Regards, [> Brian [> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists