long file name exploit existing since 2001-2002
On Fri, Jun 28, 2013 at 6:47 PM, Pedro Laguna pedlag...@hotmail.co.ukwrote:
Ey list! Just something quick and funny crash I found long time ago and it
may give some of you something to check this weekend.
Windows XP cmd.exe crash when trying to copy files with a very long name.
The following BATCH file can crash the cmd.exe process:
--- crash.bat
--
@echo off
echo test data.txt
copy %CD%\data.txt
\\.\C:\A.txt
REM copy %CD%\data.txt
\\?\C:\A.txt
-- / crash.bat
It only happens with copy but not with move command and with both \\.\
and \\?\ prefixes. I'm not an expert on these fields so I don't know if it
will be possible to exploit it, maybe some of you with crazy kung fu skills
can do it. If not, it's just a weird behaviour for the cmd.exe and given
that is less than a year to the end of life of the Windows XP cannot see
any harm sharing it.
Ta!
--
Pedro Laguna
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
