Vulnerability Development mailing list archives

possible format string in ultra edit 8.00


From: Thijs Dalhuijsen <thijs () abzurd com>
Date: Fri, 16 May 2003 12:28:14 +0200

don't know if this is exploitable or not, .. not even sure i want to know ;)
but improper handling of values could mean more interesting things i reckon....

ultraedit allows for you to edit files located on an ftp server. Account-data gets saved in the machine registry 
instead of the user registry so all users on the computer can view and use each others 'bookmarks'

if you use square brackets ([]) in the account name ultraedit flips and can't load in the appropriate data.

no idea what level or what causes it. but being a very popular programmers tool on win32 i thought i'd mention it.

happy hunting,
thijs
--
perl -pe 'tr/izeasgtbgo/1234567890/;$_=0.5<=rand(1)?lc$_:uc$_;'

