lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun Jun 25 08:00:13 2006
From: naveedafzal at gmail.com (naveed)
Subject: MS Excel Remote Code Execution POC Exploit

yes i do have confirmed this in a post to bugtraq,the issue is with hlink.dll

On 6/25/06, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> It appears that two references mentioned in code posting (see Advisories) are erroneous.
> Code posting says about error while handling malformed URL strings; i.e. this is vulnerability mentioned at
>
> http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
>
> Let's say so-called 2nd Excel vulnerability reported within a week.
> This issue is aka Windows hlink.dll vulnerability, see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086
>
> - Juha-Matti
>
>
> naveed <naveedafzal@...il.com> wrote:
>
> /*---------------------------------------------------------------------
> *
> * Microsoft Excel Remote Code Execution Proof Of Concept.
> * Tested against : Excel 2000 on Win XP SP1 , and Win2000 SP4
> * Description:
> * Microsoft Excel is prone to a remote code execution issue
> * which may be triggered when a malformed Excel document is opened.
> * The issue is due to an error in Excel while handling malformed URL
> * strings. there may be other ways to trigger this vulnerability,
> * successful exploitation could allow an attacker to execute
> * arbitrary code with the privileges of the user running Excel.
> *
> * Code execution is dependent upon certain factors including the
> * overflow condition, the MS Excel version and the host OS and SP.
> * If you cannot get it to work, attach it with the debugger check
> * the stack layout and the rest is on your imagination. :) :)
> *
> * Compile with MS VC++ or g++ ,it will generate the Excel file
> * Clicking the link in the file binds the shell ,
> * C:\nc localhost 4444
> *
> * Advisories:
> * http://www.microsoft.com/technet/security/advisory/921365.mspx
> * http://www.securityfocus.com/bid/18422/
>
> --clip--
>
>

Powered by blists - more mailing lists