WordPad/riched20.dll buffer overflow

[pauli_ojanpera () HOTMAIL COM (Pauli Ojanpera)]

Just if someone needs to know...

Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
overflow problem with ".rtf"-files.

Crashme.rtf:
{\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}

A malicious document may probably abuse this to execute arbitary
code. WordPad crashes with EIP=41414141.

Someone else do deeper investigation since I don't care to.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com