Re: WordPad/riched20.dll buffer overflow

From: User SCOTT (scottat_private)
Date: Thu Nov 18 1999 - 16:15:12 PST


    This bug is also present in Microsoft's flagship operating system, Windows
    2000.
    
    On Thu, 18 Nov 1999, Pauli Ojanpera wrote:
    
    > Just if someone needs to know...
    >
    > Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
    > overflow problem with ".rtf"-files.
    >
    > Crashme.rtf :
    > {\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
    >
    > A malicious document may probably abuse this to execute arbitrary
    > code. WordPad crashes with EIP=41414141.
    >
    > Someone else do deeper investigation since I don't care to.
    >
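A defensive check for the kind of file quoted above, added here as an example and not part of either post: the RTF specification limits a control word name to 32 letters, so a scanner can flag any document that exceeds it before a reader opens the file. The function name and the sample inputs are constructed for illustration, and the check goes beyond the single crash file by also skipping control symbols and `\binN` raw data; it does not model how riched20.dll itself parses the input.

```python
import string

MAX_NAME = 32  # RTF specification: a control word name has at most 32 letters
LETTERS = frozenset(string.ascii_letters.encode())
DIGITS = frozenset(b"0123456789")

# Constructed samples: one shaped like the quoted crash file, one benign,
# one where a long backslash run is raw \bin data rather than a control word.
CRASH_LIKE = b"{\\rtf\\" + b"A" * 48 + b"}"
BENIGN = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\\fs20 Hello \\{world\\}\\par}"
BIN_DATA = b"{\\rtf1\\bin40 " + b"\\" + b"B" * 39 + b"}"


def find_overlong_control_words(data: bytes, limit: int = MAX_NAME):
    """Return [(offset, name_length)] for control words longer than limit."""
    hits, i, n = [], 0, len(data)
    while i < n:
        if data[i] != 0x5C:              # not a backslash: text or brace
            i += 1
            continue
        start, i = i, i + 1
        if i >= n or data[i] not in LETTERS:
            i += 1                       # control symbol such as \\ \{ \} \'
            continue
        j = i
        while j < n and data[j] in LETTERS:
            j += 1
        if j - i > limit:
            hits.append((start, j - i))
        # Optional numeric parameter; '-' only counts if digits follow it.
        k = j + 1 if j < n and data[j] == 0x2D else j
        d = k
        while k < n and data[k] in DIGITS:
            k += 1
        if k == d:
            k = d = j
        end = k + 1 if k < n and data[k] == 0x20 else k  # one space delimiter
        # \binN is followed by N raw bytes that must not be parsed as RTF.
        if data[i:j] == b"bin" and k > d and data[j] != 0x2D:
            end += int(data[d:k])
        i = end
    return hits


if __name__ == "__main__":
    for label, sample in (("crash-like", CRASH_LIKE), ("benign", BENIGN)):
        print(label, find_overlong_control_words(sample))
```
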
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:26 PDT