Bugtraq mailing list archives
Re: WordPad/riched20.dll buffer overflow
From: scott () ACRID SCHEMATIX NET (User SCOTT)
Date: Fri, 19 Nov 1999 00:15:12 +0000
This bug is also present in Microsoft's flagship operating system Windows 2000 On Thu, 18 Nov 1999, Pauli Ojanpera wrote:
Just if someone needs to know...
Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
overflow problem with ".rtf"-files.
Crashme.rtf :
{\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
A malicious document may probably abuse this to execute arbitary
code. WordPad crashes with EIP=41414141.
Someone else do deeper investigation since I don't care to.
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- 3Com cable modems / Mediaone, (continued)
- 3Com cable modems / Mediaone Signal 11 (Nov 27)
- Re: 3Com cable modems / Mediaone Joseph W. Breu (Nov 29)
- NTmail and VRFY George (Nov 30)
- Netscape Communicator 4.7 - Navigator Overflows Mike Boto (Nov 27)
- Re: WordPad/riched20.dll buffer overflow Crispin Cowan (Nov 27)
- Re: WordPad/riched20.dll buffer overflow Solar Designer (Nov 29)
- Re: WordPad/riched20.dll buffer overflow Casper Dik (Nov 30)
- Default IE 5.0 security settings allow frame spoofing Georgi Guninski (Nov 30)
- Re: WordPad/riched20.dll buffer overflow Jason Spence (Nov 28)
- TooRcon Computer Security Expo Announces Pre-Registration Ben (Nov 28)
- Re: WordPad/riched20.dll buffer overflow - Full Details Solar Eclipse (Nov 21)
- Re: WordPad/riched20.dll buffer overflow Solar Eclipse (Nov 22)
- Re: WordPad/riched20.dll buffer overflow Ron Parker (Nov 23)
- Re: WordPad/riched20.dll buffer overflow Mnemonix (Nov 23)