Command history vulnerability in Windows 2000 and Windows NT

Reported July 25, 2001, by Siffredi Dani.

VERSIONS AFFECTED

  • Windows 2000

  • Windows NT 4.0

 

DESCRIPTION
A vulnerability exists in Windows 2000 and Windows NT that lets a user crash the system by opening a command prompt, running a certain command (e.g., ping, dir), and pressing F7, then Enter repeatedly during the command’s execution. Depending on the system’s configuration, Win2K or NT will either reboot or display a blue screen with the following information:

 

STOP: c000021a \{Fatal System Error\}

The Windows Subsystem System Process Terminated Unexpectedly

with a status of 0xc0000005 (0x5ffb4e15 0x0040fa38).

The system has been shut down.

 

Using the F7 key in a command prompt window shows the command history.

 

VENDOR RESPONSE

The vendor, Microsoft, has been contacted, but has not released a fix or workaround for this issue.

 

CREDIT
Discovered by Siffredi Dani.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish