Vulnerability Development mailing list archives

Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions.

From: markus-kern () GMX NET (Markus Kern)
Date: Sun, 23 Apr 2000 15:08:04 +0200


Su Wadlow wrote:

Remembering the comment by Markus Kern about the little tool tip thingy
(Windows *apps* do use it, even Explorer's toolbar) I looked for
something
to which to add the file I had gotten, and noticed my Office Shortcut
Bar.


You're right Explorer's toolbar and the TreeView control
(displaying the directory tree) _do_ use tool tips.
But _not_ the ListView control that is used display the files.

Note that this only applies to Windows 95.
Windows 98 uses tool tips in the ListView control too.

Because the TreeView control uses tool tips I made a directory with
a long extension (about 200 characters). But nothing happened.
All tool tips were displayed properly in Win95 and Win98.
Opening the directory did work as well.

Only WS_FTP95LE crashed when I tried to open the directory that
contained the long-extension-directory:

WS_FTP95 verursachte einen Fehler durch eine ungültige Seite
in Modul WS_FTP95.EXE bei 0137:00419974.
Register:
EAX=61616161 CS=0137 EIP=00419974 EFLGS=00010212
EBX=0068f1be SS=013f ESP=0068f038 EBP=0068f128
ECX=00000000 DS=013f ESI=000081e2 FS=130f
EDX=0068f050 ES=013f EDI=0068f174 GS=0000
Bytes bei CS:EIP:
8b 40 14 c6 84 05 28 ff ff ff 00 8d 45 bc 50 8d
Stapelwerte:
0068f174 000081e2 0068f1be 00000001 00000026
00000bd2 61612e61 61616161 61616161 61616161  <= this doesn't
61616161 61616161 61616161 61616161 61616161  <= look good in
61616161                                      <= a FTP client

This seems to be a problem of WS_FTP not of Windows.

-- Markus

Current thread:

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Bob Fiero (Apr 22)
- Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Ron DuFresne (Apr 22)
  - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Su Wadlow (Apr 22)
    - buffer overflow??? Cyber_Bob (Apr 23)
    - Re: buffer overflow??? Przemyslaw Frasunek (Apr 23)
    - Re: buffer overflow??? Sebastian (Apr 23)
    - Re: buffer overflow??? Markus Kern (Apr 23)
    - exploit for W98 long filenameextensions buffer overflow. Laurent Eschenauer (Apr 23)
    - Re: buffer overflow??? Blue Boar (Apr 23)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Markus Kern (Apr 23)
- <Possible follow-ups>
- Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Thomas Dullien (Apr 23)
  - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. John Swensson (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Ron DuFresne (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. John Swensson (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Su Wadlow (Apr 22)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. James Dyson (Apr 23)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Arturo Busleiman (Apr 23)
    - Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions. Blue Boar (Apr 23)
    - Securax Extension overflow update. Securax (Apr 23)
    - Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions. Octavian (Apr 23)

(Thread continues...)