OK, in Windows 2000 or NT, the Messenger service is usually run from a console, which has a maximum command length of 250 [or something]. And if you run it from a 'run' menu it does the same.

But consider this: place this in a Visual Basic form.

--------------------------------------
Private Sub Form_Load()

    Dim strMessage As String
    ' Placeholder for a long run of characters
    strMessage = "[Large number of letters]"

    ' Launch net send with the message repeated ten times
    Shell "net send localhost " & strMessage & strMessage & _
          strMessage & strMessage & strMessage & strMessage & _
          strMessage & strMessage & strMessage & strMessage

End Sub
---------------------------------------

(The same can be achieved with any other programming language.)


Is this buffer exploitable? Please tell me. I've tried and nothing's worked.