Microsoft Windows Buffer Overflow Vulnerability

vendor:

Windows XP

by:

SecurityFocus

7,5

CVSS

LOW

Buffer Overflow

120

CWE

Product Name: Windows XP

Affected Version From: Microsoft Windows XP SP2

Affected Version To: Microsoft Windows XP SP2

Patch Exists: NO

Related CWE: N/A

CPE: o:microsoft:windows_xp:sp2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2006

Microsoft Windows Buffer Overflow Vulnerability

Microsoft Windows is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.

Mitigation:

Bounds checking should be implemented to prevent buffer overflows.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20652/info

Microsoft Windows is prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. 

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Microsoft Windows XP SP2.

Note: Further analysis reveals that this is not a vulnerability; this BID is now retired.

Copy paste the following lin cmd.exe:

%COMSPEC% /K "dir

\\?\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
A
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"