Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Windows file I/O not internationalized

from [Liu Die Yu] Network Security [Permanent Link]
Subject: Re: Windows file I/O not internationalized
Date: Wed, 27 Oct 2004 09:34:47 +0800 
Microsoft never considers internationalization as an important thing.
Here is another case:
remeber DOUBLE-BYTE-SYSTEM SITE SPOOFING BUG mentioned in the last OCT
MSIE patch(MS04-038)? if no corrosponding patch deployed, it only works
on dbl-byte-lang systems like chinese. and it does not work on systems
with default lang set to english.

anyway, these guys don't consider "internationalization" vuln as an
urgent thing(because they got much more funny vulnerabilities to patch).
so don't expect them to fix your "internationalization" non-security bug
in a short time ...

and a note for all bug finders: use english systems for finding bugs. :-)

Paul Szabo wrote:

We have a Windows application (TCL script really) that wants to find the
IP address of the PC it runs on; it effectively does

 cmd /c "ipconfig > ip.txt"

then reads the file. This works fine everywhere, except... I have a user
with WinXP set to Chinese language. For this user, the file stops after
"Ethernet adapter" (contains just 53 characters). Doing ipconfig without
redirection in a CommandPrompt window works fine and says the equivalent
of "Local Area Connection" in Chinese.

Seems to me that file I/O redirection, angle-brackets or pipe symbols,
stop at the first non-English character. Is this a known bug or feature?
If so, does anyone know a workaround? Otherwise, does this have security
implications?

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
--

.




--
NTBugtraq Editor's Note:

Want to reply to the person who sent this message? This list is configured such 
that just hitting reply is going to result in the message coming to the list, 
not to the individual who sent the message. This was done to help reduce the 
number of Out of Office messages posters received. So if you want to send a 
reply just to the poster, you'll have to copy their email address out of the 
message and place it in your TO: field.
--

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MSXML Service Packs, Doug Neal
Next by Date:  Problems with MS04-032, Russ
Previous by Thread:  Windows file I/O not internationalized, Paul Szabo
Next by Thread:  BHO KB Link - How to Disable Third-Party Tool Bands and Browser Helper Objects, Duane Maurer II
Indexes:  [Date] [Thread] [Top] [All Lists]