https://www.exploit-db.com/exploits/22243
https://cxsecurity.com/issue/WLB-2007100102
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-070

FAR是一款由EugeneRoshal开发的文件管理程序。FAR解析目录路径时缺少正确边界缓冲检查，本地攻击者可以利用这个漏洞进行缓冲区溢出攻击，导致拒绝服务。如果路径名超过260个字符，FAR在解析的时候就会发生缓冲区溢出，导致程序崩溃。

source: http://www.securityfocus.com/bid/6822/info

A buffer overflow vulnerability has been reported for FAR that may result in a denial of service condition. The vulnerability exists due to insufficient bounds checking performed by FAR when parsing directory paths. Specifically, when FAR attempts to parse overly long paths it will crash thereby resulting in a denial of service condition. 

SET A=A<260 chars>A
SET B=BBBBBBBBBBBBBBBB
mkdir \?c:%A%
mkdir \?c:%A%%A%
mkdir \?c:%A%%B%

来源:XF
名称:far-long-path-bo(11293)
链接:http://xforce.iss.net/xforce/xfdb/11293
来源:BID
名称:6822
链接:http://www.securityfocus.com/bid/6822
来源:BUGTRAQ
名称:20030211SECURITY.NNOV:Farbufferoverflow
链接:http://www.securityfocus.com/archive/1/311334
来源:SREASON
名称:3281
链接:http://securityreason.com/securityalert/3281
来源：NSFOCUS
名称：4379
链接：http://www.nsfocus.net/vulndb/4379