[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] Windows XP cmd.exe crash
From: Pedro Laguna <pedlagdur () hotmail ! co ! uk>
Date: 2013-06-28 13:17:43
Message-ID: DUB118-W789BC0071AD7A5A1412F7EA760 () phx ! gbl
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Ey list! Just something quick and funny crash I found long time ago and it =
may give some of you something to check this weekend.
Windows XP cmd.exe crash when trying to copy files with a very long name. T=
he following BATCH file can crash the cmd.exe process:
----------------------------------- crash.bat -----------------------------=
---------@echo offecho test > data.txtcopy "%CD%"\data.txt \\.\C:\AAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAA.txtREM copy "%CD%"\data.txt \\?\C:\AAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
.txt---------------------------------- / crash.bat ------------------------=
----------------
It only happens with "copy" but not with "move" command and with both \\.\ =
and \\?\ prefixes. I'm not an expert on these fields so I don't know if it =
will be possible to exploit it=2C maybe some of you with crazy kung fu skil=
ls can do it. If not=2C it's just a weird behaviour for the cmd.exe and giv=
en that is less than a year to the end of life of the Windows XP cannot see=
any harm sharing it.
Ta!
--
Pedro Laguna =
[Attachment #5 (text/html)]
<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Ey list! Just something quick and funny crash I found \
long time ago and it may give some of you something to check this \
weekend.<div><br></div><div>Windows XP cmd.exe crash when trying to copy files with a very long \
name. The following BATCH file can crash the cmd.exe \
process:</div><div><br></div><div>----------------------------------- crash.bat \
--------------------------------------</div><div><div>@echo off</div><div>echo test > \
data.txt</div><div>copy "%CD%"\data.txt \
\\.\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt</div><div>REM copy \
"%CD%"\data.txt \\?\C:\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.txt</div><div>---------------------------------- \
/ crash.bat ----------------------------------------</div><div><br></div><div>It only happens \
with "copy" but not with "move" command and with both \\.\ and \\?\ prefixes. I'm not an expert \
on these fields so I don't know if it will be possible to exploit it, maybe some of you with \
crazy kung fu skills can do it. If not, it's just a weird behaviour for the cmd.exe and given \
that is less than a year to the end of life of the Windows XP cannot see any harm sharing \
it.</div><div><br></div><div>Ta!</div><br>--<br>Pedro Laguna</div> </div></body> \
</html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic