[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <242a0a8f0610231646x5877a1d8t214257d5522fb7b8@mail.gmail.com>
Date: Mon, 23 Oct 2006 19:46:41 -0400
From: "Brian Eaton" <eaton.lists@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows Command Processor CMD.EXE
BufferOverflow
On 10/23/06, Peter Ferrie <pferrie@...antec.com> wrote:
> > > file://
> > > ?
> >
> > OK, I'll bite. Why are file:// URLs relevant to the discussion?
>
> It allows arbitrary data to be passed to CMD.EXE, without first owning the system.
You're telling me that a web page I view in IE can do this?
cmd.exe /K del /F /Q /S C:\*
Forgive my skepticism. Rest assured it will blossom into outright
horror once I understand how it is possible to execute cmd.exe from an
HTML document.
Regards,
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists