lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Nov 2013 01:13:25 GMT From: jsibley1@...il.com To: bugtraq@...urityfocus.com Subject: Word 2003 SP2 .doc fork bomb on WinXP SP3 # Exploit Title: Word 2003 SP2 .doc fork bomb on WinXP SP3 # Exploit Author: absane # Blog: http://blog.noobroot.com # Discovery date: November 8th 2003 # Vendor Homepage: http://www.microsoft.com # Tested on: Windows XP SP3 & Word 2003 SP2 (11.6568.6568) ****************** * Vulnerability * ****************** A malformed .doc file with an embedded image causes a fork bomb in Word 2003 SP2 on Windows XP SP3 by comsuming 99% - 100% of the CPU cycles which can only be ended by teminating the process. ****************** *Proof of Concept* ****************** http://www.noobroot.com/exploits/word2003forkbomb.doc ****************** * Mitigation * ****************** The vulnerability does not appear to affect Office 2010+ and any other versions of Windows. Upgrade to Windows 7 or higher and/or upgrade to Office 2010 or higher.