> Just if someone needs to know...
>
> Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
> overflow problem with ".rtf"-files.
>
> Crashme.rtf :
> {\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
>
> A malicious document may probably abuse this to execute arbitrary
> code. WordPad crashes with EIP=41414141.

I got my WordPad crashed with message:

The instruction at "0x61616161" referenced memory at "0x61616161". The memory could not be "read".

I press "OK" to close application, next message is:

The instruction at "0x5f8012b3" referenced memory at "0x00000004". The memory could not be "read".

Then I have only "choice" to "terminate the application". I use Windows NT (international English edition) + SP5.

Bronek Kozicki
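
A defensive check for the kind of file discussed in this thread, added here as an example and not part of either post: it flags RTF control words whose name exceeds the 32-letter limit in the RTF specification, which a mail or file gateway can apply before a document reaches a vulnerable parser. The function name and both sample inputs are constructed for illustration.

```python
import re

MAX_NAME = 32  # RTF specification: a control word name is at most 32 letters

# Backslash + letters (control word, optional numeric parameter), or
# backslash + any single byte (control symbol such as \\ \{ \} \').
_TOKEN = re.compile(rb"\\(?:([A-Za-z]+)(-?\d+)?|.)", re.DOTALL)


def overlong_control_words(data: bytes, limit: int = MAX_NAME):
    """Return (offset, name_length) for each control word name longer than limit."""
    hits = []
    pos = 0
    while True:
        m = _TOKEN.search(data, pos)
        if m is None:
            return hits
        pos = m.end()
        name, param = m.group(1), m.group(2)
        if name is None:
            continue  # control symbol, e.g. an escaped backslash
        if name == b"bin" and param is not None:
            # \binN is followed by an optional delimiter space and N raw
            # bytes that must not be tokenised as RTF.
            if data[pos:pos + 1] == b" ":
                pos += 1
            pos += max(int(param), 0)
            continue
        if len(name) > limit:
            hits.append((m.start(), len(name)))


# Constructed sample: one control word with a 40-letter name.
SUSPICIOUS = b"{\\rtf\\" + b"A" * 40 + b"}"

# Constructed sample: the same 40 letters as plain text after an escaped
# backslash, in an otherwise ordinary document.
BENIGN = (b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\\pard Hello \\\\"
          + b"A" * 40 + b"\\par}")

if __name__ == "__main__":
    for label, doc in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, overlong_control_words(doc))
```

A hit means the file violates the specification and should be quarantined for review; it does not by itself show that a given parser is affected.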
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:28 PDT