Vulnerability Development mailing list archives

Re: Microsoft Word RTF parser buffer overflow

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 30 Aug 2000 15:13:37 +0400

Hello Pauli Ojanpera,

This  issue  was  posted  here by hypoclear () JUNGLE NET in beginning of
March. As he noted in his posting EIP isn't overwritten, so this issue
probably couldn't be exploited the way it was in Wordpad.

29.08.2000 17:49, you wrote: Microsoft Word RTF parser buffer overflow;


P> The RTF parser got a bug which can be triggered with
P> a .rtf file like this:
P> "{\rt" + 12000 'x''s + "}"


/3APA3A

Current thread:

Microsoft Word RTF parser buffer overflow Pauli Ojanpera (Aug 29)
- Re: Microsoft Word RTF parser buffer overflow 3APA3A (Aug 30)
- <Possible follow-ups>
- Re: Microsoft Word RTF parser buffer overflow Sherrod, Andrew (Aug 30)