Hosting Provided By

possible format string in ultra edit 8.00

From: Thijs Dalhuijsen <thijs(at)abzurd.com>
Date: Fri May 16 2003 - 06:28:14 EDT

don't know if this is exploitable or not, .. not even sure i want to know ;) but inproper handling of values could mean more interesting things i recon....

ultraedit allows for you to edit files located on an ftp server. Account-data gets saved in the machine registry instead of the user registry so all users on the computer can view and use each others 'bookmarks'

if you use square brackets ([]) in the account name ultraedit flips and can't load in the appropriate data.

no idea what level or what causes it. but being an very popular programmers tool on win32 i thought i'd mention it.

happy hunting,
thijs

--
perl -pe 'tr/izeasgtbgo/1234567890/;$_=0.5<=rand(1)?lc$_:uc$_;'

Received on Fri May 16 11:53:17 2003

This message: [ Message body ]
Next message: Bennett Todd: "safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)"
Previous message: Cameron Brown: "RE: MSIE integer overflows"
In reply to: xenophi1e: "Re: vulndev-1 and a suggestion about the ensuing discussion"
Next in thread: Bennett Todd: "safe mallocs (was Re: vulndev-1 and a suggestion about the ensuing discussion)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT