Brian Eaton wrote:

> Is there a reason that a buffer overflow in cmd.exe matters?
>
> If the attacker is sending arbitrary input to cmd.exe, haven't they
> owned the box anyway?

Without trying to test anything, it just may be exploitable via a "shortcut" file or a Packager "package", either embedded or in the form of a standalone (.SHS or similar) file. If so, that potentially opens up a few "assisted remote" (i.e. the user has to double-click an attachment, click a URL link, etc) exploit options...

Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
