[12664] in bugtraq


Re: WordPad/riched20.dll buffer overflow

daemon@ATHENA.MIT.EDU (User SCOTT)
Fri Nov 19 18:17:27 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.9911190014340.83358-100000@Acrid.SchematiX.NET>
Date:         Fri, 19 Nov 1999 00:15:12 +0000
Reply-To: User SCOTT <scott@ACRID.SCHEMATIX.NET>
From: User SCOTT <scott@ACRID.SCHEMATIX.NET>
X-To:         Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19991118094304.1519.qmail@hotmail.com>

This bug is also present in Microsoft's flagship operating system, Windows
2000.

On Thu, 18 Nov 1999, Pauli Ojanpera wrote:

> Just if someone needs to know...
>
> Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
> overflow problem with ".rtf"-files.
>
> Crashme.rtf :
> {\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
>
> A malicious document may probably abuse this to execute arbitrary
> code. WordPad crashes with EIP=41414141.
>
> Someone else do deeper investigation since I don't care to.
>
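
A defensive check for the kind of input quoted above, as an added example that is not part of the original posts and is not riched20.dll's code: it walks an RTF buffer using only bounded copies and flags any control word longer than a fixed limit. The 32-letter threshold and the function names are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_CONTROL_WORD 32 /* assumed threshold, not taken from the post */

/* Return the length of the longest control word (run of letters after a
 * backslash) in buf. At most MAX_CONTROL_WORD letters of it are copied
 * into out, so an oversized word is measured but never stored whole. */
size_t longest_control_word(const char *buf, size_t len,
                            char out[MAX_CONTROL_WORD + 1])
{
    size_t longest = 0;
    out[0] = '\0';
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\\')
            continue;
        size_t start = i + 1, n = 0;
        while (start + n < len && isalpha((unsigned char)buf[start + n]))
            n++;
        if (n == 0) { /* control symbol such as \\ or \{ : skip one char */
            i++;
            continue;
        }
        if (n > longest) {
            size_t keep = n < MAX_CONTROL_WORD ? n : MAX_CONTROL_WORD;
            memcpy(out, buf + start, keep); /* bounded copy */
            out[keep] = '\0';
            longest = n;
        }
        i = start + n - 1; /* resume scanning after the word */
    }
    return longest;
}

/* 1 if any control word exceeds the threshold, else 0. */
int rtf_is_suspicious(const char *buf, size_t len)
{
    char word[MAX_CONTROL_WORD + 1];
    return longest_control_word(buf, len, word) > MAX_CONTROL_WORD;
}

int main(void)
{
    /* The Crashme.rtf content quoted in the post. */
    const char *s = "{\\rtf\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}";
    printf("suspicious=%d\n", rtf_is_suspicious(s, strlen(s)));
    return 0;
}
```

An escaped backslash followed by a long run of letters is ordinary document text, so the scanner skips it and does not flag it.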
