[29039] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Riched20.DLL attribute label buffer overflow vulnerability

daemon@ATHENA.MIT.EDU (Marc Ruef)
Tue Feb 25 12:48:22 2003

Date: 25 Feb 2003 08:58:42 -0000
Message-ID: <20030225085842.5552.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Marc Ruef <marc.ruef@computec.ch>
To: bugtraq@securityfocus.com

In-Reply-To: <7353719955.20030218113659@SECURITY.NNOV.RU>

Hi!

>Can't reproduce it on riched20.dll v.3.0 (5.30.23.1200) under NT.

It seems that my Windows XP Professional with riched20.dll v3.0 
5.30.23.1211 is not vulnerable too.

In http://www.securityfocus.com/bid/6874/discussion/ the following remark 
can be found: "Some reports indicate that this vulnerability could not be 
reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT."

I think that this depends on v3.0 of riched20.dll. This version does not 
seem to contain the bufferoverflow.

Bye, Marc

-- 
http://www.computec.ch


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29039] in bugtraq

Re: Riched20.DLL attribute label buffer overflow vulnerability

daemon@ATHENA.MIT.EDU (Marc Ruef)Tue Feb 25 12:48:22 2003

daemon@ATHENA.MIT.EDU (Marc Ruef)
Tue Feb 25 12:48:22 2003