Vulnerability Development: Re: Microsoft Word RTF parser buffer overflow

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Microsoft Word RTF parser buffer overflow

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Wed, 30 Aug 2000 15:13:37 +0400

Hello Pauli Ojanpera,

This  issue  was  posted  here by hypoclear () JUNGLE NET in beginning of
March. As he noted in his posting EIP isn't overwritten, so this issue
probably couldn't be exploited the way it was in Wordpad.

29.08.2000 17:49, you wrote: Microsoft Word RTF parser buffer overflow;


P> The RTF parser got a bug which can be triggered with
P> a .rtf file like this:
P> "{\rt" + 12000 'x''s + "}"


/3APA3A

By Date By Thread

Current thread:

Microsoft Word RTF parser buffer overflow Pauli Ojanpera (Aug 29)
- Re: Microsoft Word RTF parser buffer overflow 3APA3A (Aug 30)
- <Possible follow-ups>
- Re: Microsoft Word RTF parser buffer overflow Sherrod, Andrew (Aug 30)