Bugtraq mailing list archives

Re: Another Windows98 Bug...

From: aje () ARCODAN DK (Jensen Allan AJE)
Date: Fri, 12 Feb 1999 09:53:00 -0000


Scott  (10-02-98  01:49):

I'm not sure about the details of this problem, but when testing another

buffer overflow, I created a long filename called "testfile.txt
"

(note the chr(160)'s at the end) It is 235 characters in length.  After

creating it on my desktop, I right clicked on it; explorer crashed saying it
caused an illegal operation.  the only way I found to close this was by using
command.com  I sent this to a friend and he got the same error.

I tried the same under Windows NT 4 Workstation SP3, except the file name
length was only 225 bytes, called "hello.txt(lots of spaces)(chr(160))", and
Explorer crashed as well here.

It seems to be an Explorer-only bug, as no other application I've tried went
down.

Oh well, another buffer overflow..

_______________________________________________________________________
Allan Jensen         Scientific Atlanta Arcodan A/S Phone  +45 73122150
System Administrator Augustenborg Landevej 7        Direct +45 73122154
IT-Support           DK-6400 Sonderborg             Fax    +45 74423907
aje () sciatl dk        http://www.arcodan.com

Current thread:

Re: SSH 1.x and 2.x Daemon Tibor Toronyi (Feb 08)
- Another Windows98 Bug... Scott (Feb 09)
  - Re: Another Windows98 Bug... Jensen Allan AJE (Feb 12)
    - mc & Segmentation fault shaman (Feb 12)
    - Re: Another Windows98 Bug... Nick Lamb (Feb 12)
- Re: SSH 1.x and 2.x Daemon Brandon S. Allbery (Feb 09)
- Re: SSH 1.x and 2.x Daemon Greg A. Woods (Feb 09)
  - Re: SSH 1.x and 2.x Daemon Casper Dik (Feb 11)
    - Re: SSH 1.x and 2.x Daemon Kevin Vajk (Feb 12)
  - Rainbow Six Buffer Overflow..... Brian Gemberling (Feb 11)
- Access 97 Password Unmasker Nate Lawson (Feb 09)
- Lynx /tmp problem Juan Diego Bolanos (Feb 09)
  - Re: Lynx /tmp problem Theo de Raadt (Feb 11)

(Thread continues...)