vendor:
Windows NT and 2000 Command Prompt
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overrun
120
CWE
Product Name: Windows NT and 2000 Command Prompt
Affected Version From: Windows NT 4.0
Affected Version To: Windows 2000
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows NT 4.0, Windows 2000
2002
Windows NT and 2000 Command Prompt Buffer Overrun Vulnerability
The Windows NT and 2000 command prompt (cmd.exe) does not properly handle paths containing more than 256 characters. If the cd (change directory) command is used to change to a subdirectory resulting in a path with more than 256 characters, a buffer is overrun. This could lead to cmd.exe failing with the possibility of code execution on Windows NT 4.0 systems. Automated scripts that traverse and preform operations on arbitrary directories are particularly vulnerable. On Windows 2000 systems, cmd.exe will become 'jailed' in the directory.
Mitigation:
Ensure that the length of the path does not exceed 256 characters.
