Re: Windows file I/O not internationalized

From: Liu Die Yu (liudieyu_at_UMBRELLA.NAME)
Date: 10/27/04

  • Next message: Russ: "Problems with MS04-032" 
    Date:         Wed, 27 Oct 2004 09:34:47 +0800
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Microsoft never considers internationalization as an important thing.
    Here is another case:
    remeber DOUBLE-BYTE-SYSTEM SITE SPOOFING BUG mentioned in the last OCT
    MSIE patch(MS04-038)? if no corrosponding patch deployed, it only works
    on dbl-byte-lang systems like chinese. and it does not work on systems
    with default lang set to english.

    anyway, these guys don't consider "internationalization" vuln as an
    urgent thing(because they got much more funny vulnerabilities to patch).
    so don't expect them to fix your "internationalization" non-security bug
    in a short time ...

    and a note for all bug finders: use english systems for finding bugs. :-)

    Paul Szabo wrote:

    >We have a Windows application (TCL script really) that wants to find the
    >IP address of the PC it runs on; it effectively does
    >
    > cmd /c "ipconfig > ip.txt"
    >
    >then reads the file. This works fine everywhere, except... I have a user
    >with WinXP set to Chinese language. For this user, the file stops after
    >"Ethernet adapter" (contains just 53 characters). Doing ipconfig without
    >redirection in a CommandPrompt window works fine and says the equivalent
    >of "Local Area Connection" in Chinese.
    >
    >Seems to me that file I/O redirection, angle-brackets or pipe symbols,
    >stop at the first non-English character. Is this a known bug or feature?
    >If so, does anyone know a workaround? Otherwise, does this have security
    >implications?
    >
    >Cheers,
    >
    >Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
    >School of Mathematics and Statistics University of Sydney 2006 Australia
    >
    >--
    >NTBugtraq Editor's Note:
    >
    >Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    >--
    >
    >.
    >
    >
    > 

    --
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
--
  • Next message: Russ: "Problems with MS04-032"