TUCoPS :: HP Unsorted P :: bx1457.htm

Pipe to FOR Crashes CMD
Pipe to FOR Crashes CMD
Pipe to FOR Crashes CMD


Pipe the output of a command to FOR in (), and you crash the Windows
Vista Windows Command Processor (CMD.exe) with a DEP violation. I expect
it works on Server 2008 as well.

Maybe this is exploitable for privilege escalation, at least on a
machine with DEP disabled. I did not do any dump analysis or debugging
to find out.

Example:

Echo | for %i in () do rem

For ECHO you can substitute about any command. Any variation of FOR
seems to give the same results as long as "in ()".

Does not appear to work in XPSP2, Server 2003, or Win2000.

Reported to Microsoft yesterday. They declined to pursue an
authenticated self-DoS issue.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH