
Re: [Full-Disclosure] strange wordpad.exe behavior!



Bipin Gautam <door_hUNT3R@blackcodemail.com> wrote:

> Morons... 'KILL YOURSELF'...... LET'S SWITCH TO THE TOPIC ANYWAY!
> -----------------------------------------------------------------------
> i am using windowsxp at the moment!!!

How thrilling for you, I'm sure...

> the most surprising thing is... SOMETIMES! wordpad.exe crashes after

Nah -- sporadic and non-repeatable crashes are run-of-the-mill for MS 
software.  Nothing surprising in that at all...

> executing the 'test.rtf' and sometimes... test.rtf opens but strangely
> ..... with garbage on the content [whose letter size is 0 so copy...
> paste the garbage to... see it's content!!!] MORE SURPRISING... [you
> must be damn lucky.....] try opening the test.rtf several times! if you
> are lucky and it doesn't crash and open......
> 
> TRY, monitoring its content......... WELL, the garbage info. displayed
> in the file DOES CHANGE!!! IF YOU successfully try this several.........
> times!!!
> 
> <can anyone explain to me why the garbage info. changes if sometimes it
> manages to successfully open, and how is it generated???> 

Wasn't this investigated back in February of this year?

Like in the Bugtraq thread referenced here????

  http://www.securityfocus.com/archive/1/312028/2003-10-26/2003-11-01/1

> seems like  the tag that determines the size of file [ie: fs] gets

Reference to the RTF format specification:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnrtfspec/html/rtfspec.asp

would have told you that is "font size in half points":

http://msdn.microsoft.com/library/en-us/dnrtfspec/html/rtfspec_16.asp?FRAME=true#rtfspec_21

and thus saved you guessing wrongly.

> mad... when it gets an invalid file size.......

Yes -- this was shown earlier this year to cause sporadically weird and 
unstable behaviour.  Please refer to the existing message thread in the 
Bugtraq archives.

Anyway, congratulations on telling us this _again_...


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
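
An added example, not part of the original post: a small triage check that walks an RTF document's control words and reports `\fs` (font size in half points) parameters worth a second look before the file is opened. The function name, the sample document and the 1 pt to 1638 pt sanity bounds are assumptions made here, not values taken from the thread or from the RTF specification.

```python
import re

# Assumed sanity bounds in half-points (not from the thread): 1 pt to 1638 pt.
MIN_HALF_POINTS = 2
MAX_HALF_POINTS = 3276

# RTF control word: backslash, ASCII letters, optional signed decimal parameter.
CONTROL_WORD = re.compile(r"\\([A-Za-z]+)(-?\d+)?")


def find_suspect_font_sizes(rtf_text, lo=MIN_HALF_POINTS, hi=MAX_HALF_POINTS):
    """Return (offset, raw_parameter, reason) for each questionable \\fs word.

    Limitation: raw data following a \\binN control word is not skipped.
    """
    findings = []
    i = 0
    while i < len(rtf_text):
        if rtf_text[i] != "\\":
            i += 1
            continue
        m = CONTROL_WORD.match(rtf_text, i)
        if m is None:
            # Control symbol (\\, \{, \}, \'hh): an escaped backslash must not
            # be mistaken for the start of a control word, so skip both chars.
            i += 2
            continue
        word, param = m.group(1), m.group(2)
        if word == "fs":
            if param is None:
                findings.append((i, "", "missing parameter"))
            elif len(param) > 6:
                # Too long for any plausible size; avoid converting huge strings.
                findings.append((i, param, "parameter too long"))
            elif not lo <= int(param) <= hi:
                findings.append((i, param, "outside %d..%d half-points" % (lo, hi)))
        i = m.end()
    return findings


# Constructed sample document: one normal size, one escaped literal, three odd sizes.
SAMPLE = (r"{\rtf1\ansi{\fonttbl{\f0 Arial;}}\f0\fs24 ok \\fs0 literal "
          r"\fs0 tiny \fs-40 neg \fs99999999 huge}")

if __name__ == "__main__":
    for offset, raw, reason in find_suspect_font_sizes(SAMPLE):
        print("offset %d: \\fs%s (%s)" % (offset, raw, reason))
```
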