Vulnerability Development mailing list archives

Microsoft Word may also be vulnerable


From: hypoclear () JUNGLE NET (hypoclear - lUSt - (Linux Users Strike Today))
Date: Thu, 2 Mar 2000 19:48:25 -0000


I originally posted this to bugtraq, but was told to post
here instead...

I was reviewing the recent posting about the 'riched32.dll
buffer overflow' (posted in bugtraq) and decided to test out
a few things.  I noticed that when generating the same file,
you could get Microsoft Word '97 to also crash.
ex. file:
{\rtf\AAAAA...AAA}  NOTE: put in 2288 A's
(make this file in notepad, then open it in Word)

This will always crash Word with the EIP register reading
301D48CE.  This I think would make it impossible to execute
code, but I could be wrong (which is why I'm posting),
because I'm still trying to figure out the buffer overflow
thing.  One other interesting thing I noticed is that when
2287 characters are fed in, the page ruler changes to white
and grey stripes (possibly indicating something weird
happening???).

Can anyone find any other results, or possible uses of this?
I'm running WinNT 4.0 SP4 and, as stated before, Word '97.

hypoclear
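The trigger described in the post is a single RTF control word that runs for thousands of letters, which no well-formed writer emits. As an added example (not part of the original post or of any vendor tool), here is a small scanner that parses RTF control words and flags any that exceed a length threshold; the 32-letter limit, the regex and the sample documents are my own constructions.

```python
import re

# An RTF control word is a backslash followed by ASCII letters, optionally
# followed by a signed numeric parameter (e.g. \rtf1, \ansicpg1252, \par).
CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)?")

# Assumed threshold: legitimate control words are a handful of letters long,
# so anything beyond a few dozen is treated as malformed and worth flagging.
DEFAULT_MAX_LEN = 32


def find_overlong_control_words(data: bytes, max_len: int = DEFAULT_MAX_LEN):
    """Return a list of (offset, length) for every control word longer than max_len.

    offset is the byte position of the backslash that starts the control word.
    """
    hits = []
    for m in CONTROL_WORD.finditer(data):
        word = m.group(1)
        if len(word) > max_len:
            hits.append((m.start(), len(word)))
    return hits


def is_suspicious_rtf(data: bytes, max_len: int = DEFAULT_MAX_LEN) -> bool:
    """True when the data looks like RTF and carries at least one overlong control word."""
    if not data.lstrip().startswith(b"{\\rtf"):
        return False
    return bool(find_overlong_control_words(data, max_len))


# Constructed samples: a minimal benign document, and the shape the post
# describes (a control word of 2288 letters directly after \rtf).
BENIGN = b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\\f0\\fs24 Hello\\par}"
MALFORMED = b"{\\rtf\\" + b"A" * 2288 + b"}"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, is_suspicious_rtf(sample), find_overlong_control_words(sample))
```

Pointing the scanner at files before they reach Word (a mail gateway or upload handler) gives a cheap check for this class of malformed input; it says nothing about exploitability, only that the document is not something a normal RTF writer would produce.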

