Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.

From: JamesDyson () BTINTERNET COM (James Dyson)
Date: Sun, 23 Apr 2000 15:41:09 +0100

Send me this crap again and I will take your whole sysetm down
----- Original Message -----
From: "Su Wadlow" <swadlow () UTDALLAS EDU>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Sunday, April 23, 2000 4:38 AM
Subject: Re: Securax Security Advisory: Windows98 contains a serious buffer
overflow with long filenameextensions.

--On Saturday, April 22, 2000 6:00 PM -0500 Ron DuFresne
<dufresne () WINTERNET COM> wrote:


Here's another question:

how dos a dos prompt handle such files?


A dir shows the 'Buffer-overflow' file with a DOS name of __~1._--,
but it's full name is listed next to the time stamp.  I can do a
'dir _á.á------Buffer-overflow-----------aaa*' (sorry, I'm not
typing in all 100 of those a's) and the filename shows up in the
listing.

Can't pass it as a parameter to, like, Notepad -- the buffer won't
go past 80 of the a's.  And I can't delete it unless I use the *
wildcard -- again, the buffer won't accept all of the a's.

Otherwise, nothing unusual that I can see.

--
Su Wadlow
swadlow () utdallas edu
    If I have to explain, you wouldn't understand . . . . :-)
Previous By Date Next
Previous By Thread Next

Current thread: