Just if someone needs to know...
Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
overflow problem with ".rtf"-files.
Crashme.rtf :
{\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
A malicious document may probably abuse this to execute arbitrary
code. WordPad crashes with EIP=41414141.
Someone else do deeper investigation since I don't care to.
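A defensive check for input shaped like Crashme.rtf, as an added example that is not part of the original post and not Microsoft's code: it flags RTF control words whose name is longer than the 32 letters the RTF specification allows. The function name and sample bytes are constructed for illustration, and the threshold comes from the specification, not from any measurement of riched20.dll.

```python
import re

# The RTF specification limits a control word name to 32 letters.
MAX_CONTROL_WORD = 32

# Control word: backslash, ASCII letters, optional signed numeric parameter.
CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)?")


def find_overlong_control_words(data, limit=MAX_CONTROL_WORD):
    """Return (offset, name_length) for each control word name longer than limit.

    Hypothetical helper for mail/file gateways; it walks the bytes instead of
    using a blind regex search so escaped backslashes and \\binN payloads are
    not misread as control words.
    """
    hits = []
    pos = 0
    while pos < len(data):
        if data[pos:pos + 1] != b"\\":
            pos += 1
            continue
        m = CONTROL_WORD.match(data, pos)
        if m is None:
            # Control symbol or escaped character (\\, \{, \}, \'): skip it.
            pos += 2
            continue
        name = m.group(1)
        if len(name) > limit:
            hits.append((pos, len(name)))
        pos = m.end()
        if name == b"bin" and m.group(2):
            # \binN is followed by one delimiter space and N raw bytes.
            if data[pos:pos + 1] == b" ":
                pos += 1
            pos += max(int(m.group(2)), 0)
    return hits


if __name__ == "__main__":
    # Constructed samples: one modelled on Crashme.rtf, one benign document.
    samples = {
        "crash-like": b"{\\rtf\\" + b"A" * 48 + b"}",
        "benign": b"{\\rtf1\\ansi\\deff0 {\\fonttbl{\\f0 Arial;}}\\f0 Hello\\par}",
    }
    for label, blob in samples.items():
        print(label, find_overlong_control_words(blob))
```
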
