OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Securax Security Advisory: Windows98 contains a seriousbuffer overflow with long filenameextensions.
From: Markus Kern (markus-kernGMX.NET)
Date: Sun Apr 23 2000 - 08:08:04 CDT

Su Wadlow wrote:

> Remembering the comment by Markus Kern about the little tool tip thingy
> (Windows *apps* do use it, even Explorer's toolbar) I looked for
> something
> to which to add the file I had gotten, and noticed my Office Shortcut
> Bar.

You're right Explorer's toolbar and the TreeView control
(displaying the directory tree) _do_ use tool tips.
But _not_ the ListView control that is used display the files.

Note that this only applies to Windows 95.
Windows 98 uses tool tips in the ListView control too.

Because the TreeView control uses tool tips I made a directory with
a long extension (about 200 characters). But nothing happened.
All tool tips were displayed properly in Win95 and Win98.
Opening the directory did work as well.

Only WS_FTP95LE crashed when I tried to open the directory that
contained the long-extension-directory:

WS_FTP95 verursachte einen Fehler durch eine ungültige Seite
in Modul WS_FTP95.EXE bei 0137:00419974.
Register:
EAX=61616161 CS=0137 EIP=00419974 EFLGS=00010212
EBX=0068f1be SS=013f ESP=0068f038 EBP=0068f128
ECX=00000000 DS=013f ESI=000081e2 FS=130f
EDX=0068f050 ES=013f EDI=0068f174 GS=0000
Bytes bei CS:EIP:
8b 40 14 c6 84 05 28 ff ff ff 00 8d 45 bc 50 8d
Stapelwerte:
0068f174 000081e2 0068f1be 00000001 00000026
00000bd2 61612e61 61616161 61616161 61616161 <= this doesn't
61616161 61616161 61616161 61616161 61616161 <= look good in
61616161 <= a FTP client

This seems to be a problem of WS_FTP not of Windows.

-- Markus