Vulnerability Development mailing list archives
Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions.
From: markus-kern () GMX NET (Markus Kern)
Date: Sun, 23 Apr 2000 15:08:04 +0200
Su Wadlow wrote:
Remembering the comment by Markus Kern about the little tool tip thingy (Windows *apps* do use it, even Explorer's toolbar) I looked for something to which to add the file I had gotten, and noticed my Office Shortcut Bar.
You're right, Explorer's toolbar and the TreeView control (displaying the directory tree) _do_ use tool tips. But _not_ the ListView control that is used to display the files. Note that this only applies to Windows 95. Windows 98 uses tool tips in the ListView control too.

Because the TreeView control uses tool tips I made a directory with a long extension (about 200 characters). But nothing happened. All tool tips were displayed properly in Win95 and Win98. Opening the directory did work as well.

Only WS_FTP95LE crashed when I tried to open the directory that contained the long-extension-directory:

    WS_FTP95 verursachte einen Fehler durch eine ungültige Seite
    in Modul WS_FTP95.EXE bei 0137:00419974.
    Register:
    EAX=61616161 CS=0137 EIP=00419974 EFLGS=00010212
    EBX=0068f1be SS=013f ESP=0068f038 EBP=0068f128
    ECX=00000000 DS=013f ESI=000081e2 FS=130f
    EDX=0068f050 ES=013f EDI=0068f174 GS=0000
    Bytes bei CS:EIP:
    8b 40 14 c6 84 05 28 ff ff ff 00 8d 45 bc 50 8d
    Stapelwerte:
    0068f174 000081e2 0068f1be 00000001 00000026 00000bd2 61612e61
    61616161 61616161 61616161                   <= this doesn't
    61616161 61616161 61616161 61616161 61616161 <= look good in
    61616161                                     <= a FTP client

This seems to be a problem of WS_FTP, not of Windows.

--
Markus
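A crash-triage sketch for the dialog quoted above, added here as an example and not part of the original post: it parses the register and stack lines and reports which values are printable ASCII, meaning file-name bytes sitting where a pointer or saved value was expected. The function names are hypothetical, and the dump text is copied from the message with the author's `<=` annotations removed.

```python
import re
import struct

# Register and stack lines copied from the crash dialog in the message above
# (the author's "<=" annotations removed).
DUMP = """\
EAX=61616161 CS=0137 EIP=00419974 EFLGS=00010212
EBX=0068f1be SS=013f ESP=0068f038 EBP=0068f128
ECX=00000000 DS=013f ESI=000081e2 FS=130f
EDX=0068f050 ES=013f EDI=0068f174 GS=0000
Bytes bei CS:EIP:
8b 40 14 c6 84 05 28 ff ff ff 00 8d 45 bc 50 8d
Stapelwerte:
0068f174 000081e2 0068f1be 00000001 00000026 00000bd2 61612e61
61616161 61616161 61616161 61616161 61616161 61616161 61616161
61616161 61616161
"""

def parse_dump(text):
    """Return (registers, stack_dwords) parsed from a Win9x fault dialog."""
    head, _, tail = text.partition("Stapelwerte:")
    regs = {n: int(v, 16) for n, v in re.findall(r"\b([A-Z]{2,5})=([0-9a-fA-F]+)", head)}
    stack = [int(w, 16) for w in re.findall(r"\b[0-9a-fA-F]{8}\b", tail)]
    return regs, stack

def as_text(dword):
    """Decode a dword as its little-endian memory bytes; None unless printable ASCII."""
    raw = struct.pack("<I", dword)
    return raw.decode("ascii") if all(0x20 <= b < 0x7F for b in raw) else None

def triage(text):
    """Return (registers holding ASCII, longest ASCII string found on the stack)."""
    regs, stack = parse_dump(text)
    # Only the 32-bit general registers and EIP (three-letter names) are checked.
    # The bytes at CS:EIP, 8b 40 14, encode mov eax,[eax+14h]: a read through EAX.
    tainted = {n: as_text(v) for n, v in regs.items() if len(n) == 3 and as_text(v)}
    # Consecutive printable dwords on the stack are string data, not addresses.
    best, cur = "", ""
    for dword in stack:
        text_part = as_text(dword)
        cur = cur + text_part if text_part else ""
        if len(cur) > len(best):
            best = cur
    return tainted, best
```

Decoding the stack dwords in memory order recovers the name itself: `0x61612e61` is the bytes `a.aa`, the dot that separates the one-character name from the long extension.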