Defense in depth - the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe - Cyber Security News

Read Time:24 Second

Posted by Stefan Kanthak on May 10

Hi @ll,

the subject says it all: a 25 year old TRIVIAL signed integer
arithmetic bug (which may well have earned a PhD now) crashes
Windows’ command interpreter CMD.exe via its builtin SET command.
See their documentation:
<https://technet.microsoft.com/en-us/library/cc771320.aspx>
<https://technet.microsoft.com/en-us/library/cc754250.aspx>

Classification
~~~~~~~~~~~~~~

<https://cwe.mitre.org/data/definitions/190.html>…

More Stories

GLSA 202409-07: Rust: Multiple Vulnerabilities

Post Content Read More

September 22, 2024

GLSA 202409-06: file: Stack Buffer Overread

Post Content Read More

September 22, 2024

GLSA 202409-05: PJSIP: Heap Buffer Overflow

Post Content Read More

September 22, 2024

GLSA 202409-04: calibre: Multiple Vulnerabilities

Post Content Read More

September 22, 2024

GLSA 202409-03: GPL Ghostscript: Multiple Vulnerabilities

Post Content Read More

September 22, 2024

GLSA 202409-02: PostgreSQL: Privilege Escalation

Post Content Read More

September 22, 2024