> Just if someone needs to know...
>
> Win98/NT4 Riched20.dll (which WordPad uses) has a classic buffer
> overflow problem with ".rtf"-files.
>
> Crashme.rtf :
> {\rtf\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
>
> A malicious document may probably abuse this to execute arbitrary
> code. WordPad crashes with EIP=41414141.



My WordPad crashed with the message:

The instruction at "0x61616161" referenced memory at "0x61616161". The
memory could not be "read".

I press "OK" to close the application; the next message is:

The instruction at "0x5f8012b3" referenced memory at "0x00000004". The
memory could not be "read".

Then my only "choice" is to "terminate the application".

I use Windows NT (international English edition) + SP5.

Bronek Kozicki
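
An added example, not part of the original messages and not code from Riched20.dll: a pre-filter a mail gateway or file scanner could run to flag RTF input whose control-word name is abnormally long, as in the Crashme.rtf sample quoted above. The 32-letter limit comes from the published RTF specification and is an assumption here; the function names and sample strings are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Name-length limit from the published RTF specification (assumption made
   for this example; the thread itself does not state a limit). */
#define RTF_MAX_CTRL_WORD 32

/* Length of the longest control-word name (letters following a backslash).
   Control symbols such as \\ \{ \} are skipped, never counted as names. */
size_t rtf_longest_control_word(const unsigned char *buf, size_t len)
{
    size_t longest = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\\')
            continue;
        size_t j = i + 1;
        if (j < len && !isalpha(buf[j])) {  /* control symbol: skip it */
            i = j;
            continue;
        }
        while (j < len && isalpha(buf[j]))  /* bounded by len, no copying */
            j++;
        if (j - i - 1 > longest)
            longest = j - i - 1;
        i = j - 1;                          /* resume after the name */
    }
    return longest;
}

/* 1 if the document should be held back from an RTF renderer, else 0. */
int rtf_is_suspicious(const unsigned char *buf, size_t len)
{
    return rtf_longest_control_word(buf, len) > RTF_MAX_CTRL_WORD;
}

int main(void)
{
    /* Constructed samples: a benign fragment and one with an overlong name. */
    const char *ok = "{\\rtf1\\ansi Hello \\{world\\}}";
    const char *bad = "{\\rtf\\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}";
    printf("%d\n", rtf_is_suspicious((const unsigned char *)ok, strlen(ok)));
    printf("%d\n", rtf_is_suspicious((const unsigned char *)bad, strlen(bad)));
    return 0;
}
```

The scanner only measures the name in place and never copies it into a fixed-size buffer, so it stays safe on the same input that crashes the renderer.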