This is probably very useless, considering that to run cmd.exe remotely you'd already need to have access, but I found cmd.exe has a buffer overflow vuln. I haven't tested it too far, but I copied 570 A's into cmd.exe and corrupted the stack by just a lot. Writing out code for this shouldn't be too hard if you know basic programming in C, so I'll leave that part up to you.
I guess this could be used in a floppy to gain quick admin on a machine at school or w/e if you find or write up some shellcode, but any more possibilities for this are beyond me. So, if anything, you walk away with the knowledge that Windows has one more reason to suck.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.