Vulnerability Development mailing list archives

cipher.exe overflow

From: "moran zavdi" <moraniam () hotmail com>
Date: Mon, 21 Apr 2003 13:59:42 +0000

Hi,

there is a problem with cipher.exe.
overflow occurs when you add string of more than 256 chars.
example:
c:\> cipher.exe  <A * 257>

program will crash.

anyway Microsoft response was:

"Thank you for your feedback. We are definitely commited to fixing thisissue in Cipher.exe.We've had several people look into this issue, and the biggest impact we'vefound that it has is a crash of the file which results in a local denial ofservice in the file itself."



Regards,

Moran Zavdi
DataSEC
http://www.data-sec.com


_________________________________________________________________

The new MSN 8: smart spam protection and 2 months FREE*http://join.msn.com/?page=features/junkmail

Current thread:

cipher.exe overflow moran zavdi (Apr 22)
- Re: cipher.exe overflow K. K. Mookhey (Apr 23)
- <Possible follow-ups>
- Re: cipher.exe overflow moran zavdi (Apr 24)
  - Re: cipher.exe overflow (runas.exe) wirepair (Apr 28)