[12651] in bugtraq


WordPad/riched20.dll buffer overflow

daemon@ATHENA.MIT.EDU (Pauli Ojanpera)
Thu Nov 18 13:47:29 1999

Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id:  <19991118094304.1519.qmail@hotmail.com>
Date:         Thu, 18 Nov 1999 10:43:03 CET
Reply-To: Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM>
From: Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Just if someone needs to know...

Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
overflow problem with ".rtf"-files.

Crashme.rtf :
{\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}

A malicious document may probably abuse this to execute arbitrary
code. WordPad crashes with EIP=41414141.

Someone else do deeper investigation since I don't care to.

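A defensive check for the file shape shown in the post, added here as an example and not part of the original message: it walks RTF bytes and reports control words whose name is longer than 32 letters, the limit the RTF specification gives for control word names. The function name, the limit constant and the sample inputs are constructed for this example.

```python
import re

# Assumption of this example: 32 letters is the control word name limit
# stated in the RTF specification.
MAX_CONTROL_WORD = 32

# Control word: backslash, ASCII letters, optional signed numeric parameter,
# optional single space delimiter.
_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)? ?")


def overlong_control_words(data: bytes, limit: int = MAX_CONTROL_WORD):
    """Return (offset, name_length) for each control word name longer than limit."""
    findings = []
    i, n = 0, len(data)
    while i < n:
        if data[i:i + 1] != b"\\":
            i += 1
            continue
        m = _WORD.match(data, i)
        if m is None:
            # Control symbol (\\, \{, \}, \'hh ...): skip backslash and symbol
            # so an escaped backslash is not read as the start of a word.
            i += 2
            continue
        name, param = m.group(1), m.group(2)
        if len(name) > limit:
            findings.append((i, len(name)))
        i = m.end()
        if name == b"bin" and param and int(param) > 0:
            i += int(param)  # raw binary payload follows; it is not RTF syntax
    return findings


# Constructed samples (not taken from any real document).
CRASH_SHAPED = b"{\\rtf\\" + b"A" * 48 + b"}"                      # one long control word
ESCAPED_PATH = b"{\\rtf1\\ansi C:\\\\" + b"A" * 40 + b"\\par}"     # \\ then plain text
BINARY_BLOB = b"{\\rtf1\\bin50 \\" + b"B" * 49 + b"}"              # 50 raw bytes after \bin

if __name__ == "__main__":
    for label, sample in [("crash-shaped", CRASH_SHAPED),
                          ("escaped path", ESCAPED_PATH),
                          ("binary blob", BINARY_BLOB)]:
        print(label, overlong_control_words(sample))
```

Run over inbound `.rtf` attachments, a non-empty result marks a file for quarantine before it reaches a rich-edit control.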
