Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Wordpad Command line argument vulnerability is it known ?
From: sachin shinde <sachinshinde11 () gmail com>
Date: Wed, 17 Mar 2010 19:50:07 +0530


There is classic buffer/Stack overflow in wordpad.exe testing on winxp
sp 2.(is it already known?)

on text console wordpad.exe takes argument as a filename and there it happens.

but writing shellcode for it is very hard,Because wordpad changes
uppercase chars to  lower case chars. if anyone any idea about this
please reply!

Though it looks like local vulnerability we can trigger it remotely
with ActiveX and Javascript.I can give full demonstration but cant
write shellcode because of too many bad characters( of course can show
you int 3 (0xcc)) but would like 2 show the full proof of concept


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]