Vulnerability Development mailing list archives
Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with blah blah blah
From: vulndev.schlachter () CORNELL EDU (Jake Schlachter)
Date: Sat, 22 Apr 2000 03:24:00 -0400
Bob Fiero wrote:
I attempted to test this on two systems and could not produce any problems at all handling the file created with the batch file command supplied. I am
...
I use Eudora, which you claim will crash if you attach this file to a message. Can you send me an example, and I'll let you know what if anything happens?
The batch file supplied in the initial post isn't functional unless you remove the spaces in between parts of the filename. In my tests, the file seemed rather inert until double-clicked, at which time it crashed explorer.exe. None of the test files I used caused a Blue Screen. Viewing the directory afterwards (without restart) produced inconsistent results, but usually it would not crash until the file was clicked. I also emailed the file to myself as an attachment, downloaded and stored with Eudora Pro 4.2.0.58, and nothing happened. At all. Even after going back into the dir in explorer and clicking it.
Ron DuFresne wrote:
Your having stripped Internet Explorer and/or dropping in Win95 explore.exe might well be what has caused this to not function on your end.
My tests were performed under win98 using litestep as the shell, but I've got the standard win98 explorer.exe. The long and short of my tests is that this bug doesn't seem like a threat unless users are actively engaging the problematic file.
-- jake.schlachter () cornell edu