Bugtraq mailing list archives
Re: Riched20.DLL attribute label buffer overflow vulnerability
From: "Raistlin" <raistlin () gioco net>
Date: Mon, 24 Feb 2003 21:47:20 +0100
Since RTF files are opened and rendered automatically by Outlook Express
and
Internet Explorer, this is remotely exploitable through mail and web.
There are still unfixed buffer overflows (i.e. an <a href=""> overflow, http://securenetwork.it/szanero/bug-oe-2.htm) that can be remotely triggered to crash outlook express, so this is not really something new. It simply seems that if a bug does not allow remote code execution, it is not something worth MS attention. Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys
Current thread:
- Riched20.DLL attribute label buffer overflow vulnerability Jie Dong (Feb 17)
- Re: Riched20.DLL attribute label buffer overflow vulnerability Thor Larholm (Feb 21)
- Re: Riched20.DLL attribute label buffer overflow vulnerability Raistlin (Feb 24)
- <Possible follow-ups>
- Re: Riched20.DLL attribute label buffer overflow vulnerability 3APA3A (Feb 18)
- Re: Riched20.DLL attribute label buffer overflow vulnerability Marc Ruef (Feb 25)
- Re: Riched20.DLL attribute label buffer overflow vulnerability Thor Larholm (Feb 21)