Re: Riched20.DLL attribute label buffer overflow vulnerability

From: Raistlin (raistlinat_private)
Date: Mon Feb 24 2003 - 12:47:20 PST

Next message: Thamer Al-Harbash: "Re: buffer overrun in zlib 1.1.4"

Previous message: Michael Howard: "Securing Windows 2000 Server Documentation"
In reply to: Thor Larholm: "Re: Riched20.DLL attribute label buffer overflow vulnerability"
Next in thread: Marc Ruef: "Re: Riched20.DLL attribute label buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Since RTF files are opened and rendered automatically by Outlook Express
and
> Internet Explorer, this is remotely exploitable through mail and web.

There are still unfixed buffer overflows (i.e. an <a href=""> overflow,
http://securenetwork.it/szanero/bug-oe-2.htm) that can be remotely triggered
to crash outlook express, so this is not really something new.

It simply seems that if a bug does not allow remote code execution, it is
not something worth MS attention.

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys

Next message: Thamer Al-Harbash: "Re: buffer overrun in zlib 1.1.4"
Previous message: Michael Howard: "Securing Windows 2000 Server Documentation"
In reply to: Thor Larholm: "Re: Riched20.DLL attribute label buffer overflow vulnerability"
Next in thread: Marc Ruef: "Re: Riched20.DLL attribute label buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 13:51:43 PST