Date: Thu, 11 Feb 1999 11:25:01 -0800 From: Clifford Hammerschmidt To: BUGTRAQ@netspace.org Subject: NT too? Re: Another Windows98 Bug... The following perl script will create a 250 character file that will crash WinNT (service pack 3) explorer when right-clicked on: -------------------- $fn = 'A' x 250; open (FH,">$fn") or die ":$!\n"; print FH "it worked?"; close FH; -------------------- You may have to create the file inside a subdirectory. I think what is happening here is the path+filename exceeds MAX_PATH. To delete the file drop to a command window and delete it using it's shortname (dir /X will display shortnames). At 05:49 PM 2/9/98 -0800, you wrote: >>>> I'm not sure about the details of this problem, but when testing another buffer overflow, I created a long filename called "testfile.txt " (note the chr(160)'s at the end) It is 235 characters in length. After creating it on my desktop, I right clicked on it; explorer crashed saying it caused an illegal operation. the only way I found to close this was by using command.com I sent this to a friend and he got the same error. -Scott Campbell (smc@visuallink.com) <<<< ----------------------------------------------------------------------------- Date: Fri, 12 Feb 1999 09:53:00 -0000 From: Jensen Allan AJE To: BUGTRAQ@netspace.org Subject: Re: Another Windows98 Bug... Scott (10-02-98 01:49): >I'm not sure about the details of this problem, but when testing another buffer overflow, I created a long filename called "testfile.txt " >(note the chr(160)'s at the end) It is 235 characters in length. After creating it on my desktop, I right clicked on it; explorer crashed saying it caused an illegal operation. the only way I found to close this was by using command.com I sent this to a friend and he got the same error. I tried the same under Windows NT 4 Workstation SP3, except the file name length was only 225 bytes, called "hello.txt(lots of spaces)(chr(160))", and Explorer crashed as well here. It seems to be an Explorer-only bug, as no other application I've tried went down. Oh well, another buffer overflow.. _______________________________________________________________________ Allan Jensen Scientific Atlanta Arcodan A/S Phone +45 73122150 System Administrator Augustenborg Landevej 7 Direct +45 73122154 IT-Support DK-6400 Sonderborg Fax +45 74423907 aje@sciatl.dk http://www.arcodan.com