Archive : 1999 : november : wordpad - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

WordPad/riched20.dll buffer overflow




=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Чт, 18 ноя 1999  13:43:03

   От: Pauli Ojanpera <pauli_ojanpera@HOTMAIL.COM>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: WordPad/riched20.dll buffer overflow

--------------------------------------------------------------------------------




Just if someone needs to know...



Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer

overflow problem with ".rtf"-files.



Crashme.rtf :

{\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}



A malicious document may probably abuse this to execute arbitary

code. WordPad crashes with EIP=41414141.



Someone else do deeper investigation since I don't care to.



______________________________________________________

Get Your Private, Free Email at http://www.hotmail.com

test server