Vulnerability Development mailing list archives

Re: Securax Security Advisory: Windows98 contains a serious buffer overflow with long filenameextensions.


From: lightning () L-G-X DE (LiGHTNiNG)
Date: Mon, 24 Apr 2000 20:49:11 +0200


First machine: Win95

My first attempt was with the batch file verbatim, which as we've found by now, doesn't work. So I changed the ' ' to a '-' and ran the batch file again. I got the '_á.á------Buffer-overflow--blah' file, but when the batch file got to the other one all I got was a "File creation error".

This error occurs when the filename is longer than 225 characters.
My batch file:

dir *.* > noop.1111111111111111111111111111111111
11111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111
11111111111111111111111111111111111111111111
1111111111

If I would add one more "1", your error would occur.

Back in Explorer I tried clicking the 'Buffer-overflow' file -- nothing. Double clicking it just brought up the Windows 'Open With' dialog box -- nothing unusual. And I've had no trouble opening this file with either Notepad or WordPad -- I've tried several times both using the Windows 'Open With' box and the apps' Open dialog boxes.

That was the problem with the original batch file that was corrupt.

Sebastian "LiGHTNiNG" Maciejewski

