Vulnerability Development mailing list archives
Microsoft Word may also be vulnerable
From: hypoclear () JUNGLE NET (hypoclear - lUSt - (Linux Users Strike Today))
Date: Thu, 2 Mar 2000 19:48:25 -0000
I originally posted this to bugtraq, but was told to post here instead...

I was reviewing the recent posting about the 'riched32.dll buffer overflow' (posted in bugtraq) and decided to test out a few things. I noticed that when generating the same file, you could get Microsoft Word '97 to also crash.

ex. file:

{\rtf\AAAAA...AAA}

NOTE: put in 2288 A's (make this file in notepad, then open it in Word)

This will always crash Word with the EIP register reading 301D48CE. This I think would make it impossible to execute code, but I could be wrong (which is why I'm posting), because I'm still trying to figure out the buffer overflow thing.

One other interesting thing I noticed is that when 2287 characters are fed in, the page ruler changes to white and grey stripes (possibly indicating something weird happening???).

Can anyone find any other results, or possible uses of this?

I'm running WinNT 4.0 SP4 and, as stated before, Word '97.

hypoclear
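An added example, not part of the original post: a small scanner that flags RTF control words whose letter run exceeds the 32-letter limit given in the RTF specification, which is the shape of the file described above. The function and constant names are hypothetical, the sample inputs are constructed, and accepting uppercase letters in control words is an assumption made because the post's sample uses them.

```python
RTF_MAX_CONTROL_WORD = 32  # letter limit for a control word in the RTF specification


def _is_letter(b):
    # Assumption: accept A-Z as well as a-z, since the post's sample uses uppercase.
    return 0x41 <= b <= 0x5A or 0x61 <= b <= 0x7A


def find_overlong_control_words(data, limit=RTF_MAX_CONTROL_WORD):
    """Return [(offset_of_backslash, letter_count)] for control words over the limit."""
    findings = []
    i, n = 0, len(data)
    while i < n:
        if data[i] != 0x5C:            # not a backslash: plain text or a brace
            i += 1
            continue
        start = i + 1
        if start >= n or not _is_letter(data[start]):
            i += 2                     # control symbol (\\ \{ \} \' ...): skip escaped byte
            continue
        end = start
        while end < n and _is_letter(data[end]):
            end += 1
        if end - start > limit:
            findings.append((i, end - start))
        # Optional numeric parameter: '-' sign followed by digits.
        p = end + 1 if end < n and data[end] == 0x2D else end
        q = p
        while q < n and 0x30 <= data[q] <= 0x39:
            q += 1
        i = q if q > p else end
        param = data[end:q]
        if data[start:end] == b"bin" and param.isdigit():
            # \binN: N raw bytes follow the delimiter space; they are not RTF syntax.
            if i < n and data[i] == 0x20:
                i += 1
            i += int(param)
    return findings


# Constructed samples: an ordinary document, and the file layout from the post.
SAMPLE_BENIGN = rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}\f0\fs24 Hello \{world\}\par}"
SAMPLE_OVERLONG = b"{\\rtf\\" + b"A" * 2288 + b"}"

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("overlong", SAMPLE_OVERLONG)):
        print(name, find_overlong_control_words(blob))
```

The scanner trusts the declared `\binN` length, so a file that misdeclares it should be treated as suspicious in its own right.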