| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Jul 2006 16:18:46 +0200 From: "Benjamin Tobias Franz" <0-1-2-3@....de> To: <bugtraq@...urityfocus.com> Subject: Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities ... discovered by Benjamin Tobias Franz Affected Vendor: Microsoft Affected Product: Microsoft Works Description: Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted files. All supported file formats (except plain text files) are affected (eight different bugs): Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll) Works for Windows 3.0 => Denial of Service (DoS) - Crash Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash Excel 97-2000 => Buffer Overrun Excel 5.0/95 => Buffer Overrun Excel 4.0 => Denial of Service (DoS) - Crash Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll) Exploitable: Yes Workaround: Do not open any spreadsheet file from untrusted sources with Microsoft Works. Proof-of-Concept files (simple demonstration files only): http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip Date of discovery: 10. - 13. Juli 2006 Tested software: Microsoft Works 8.0 on Windows XP SP2 (wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4) Possibly some of the bugs are fixed in version 8.5. Test it... Regards, Benjamin Tobias Franz, Germany
Powered by blists - more mailing lists