Hi,

I found a bug in win32ole when it is used to extract information from an
active directory server. Our server contains a property like:

dSCorePropagationData => '16010108151056.0Z'

This gets converted into the string:

2006/04/07 21:04:15,1601/01/08 -15:-10:-55

by date2time_str() in win32ole.c. However because of the negative
numbers it overflows the 20 character buffer that sprintf is using. So
it looks like there are two issues: 

* The use of sprint here is unsafe.
* The conversion of the value returned by AD to a ruby string value is
incorrect (though perhaps the input date is degenerate and couldn't be
converted correctly anyway).

Regards,

Chris Waters
CTO, PhD
Network Chemistry, Inc
Email: chris.waters / networkchemistry.com
Phone: (650) 858-3125
www.networkchemistry.com
www.projectwishbone.com