Vulnerability Development mailing list archives

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filename extensions.


From: markus-kern () GMX NET (Markus Kern)
Date: Sat, 22 Apr 2000 20:23:17 +0200


I attempted to test this on two systems and could not produce any problems
at all handling the file created with the batch file command supplied. I am
running Win98 Lite (Internet Explorer and Outlook stripped out, with the
Win95 explore.exe as the shell for increased security, reliability, and
performance).

The batch file in the original post doesn't work correctly.
You must remove the space between "------Buffer" and
"overflow-----------" in order to get it working.

I tested it on two different systems:

1. Windows 98 (German)
The explorer crashed after moving the mouse cursor over the filename.
Using the cursor keys and ENTER to open the file didn't lead to unusual
behaviour.
The normal dialog to choose the application to open the file with was
displayed.

I think the problem is the little tool tip window that shows the whole
filename when the mouse is moved over a file whose name is too long to be
entirely displayed.

2. Windows 95 OSR2 (German)
Nothing happened here. Neither moving the cursor over the filename nor
clicking on the file yielded unusual behaviour.

Note: Windows 95 doesn't use these tool tip windows.

-- Markus

