Date: Mon Jun 26 23:29:02 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: MS Excel Remote Code Execution POC Exploit

OK, this message including MSRC Blog posting #437826 reached our inboxes some minutes ago because of moderating process.

- Juha-Matti

naveed <naveedafzal@...il.com> wrote:
>
> yes i do have confirmed this in a post to bugtraq, the issue is with hlink.dll
>
> On 6/25/06, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> > It appears that two references mentioned in code posting (see Advisories) are erroneous.
> > Code posting says about error while handling malformed URL strings; i.e. this is vulnerability mentioned at
> >
> > http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
> >
> > Let's say so-called 2nd Excel vulnerability reported within a week.
> > This issue is aka Windows hlink.dll vulnerability, see
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086
> >
> > - Juha-Matti
> >
> >
> > naveed <naveedafzal@...il.com> wrote:
> >
> > /*---------------------------------------------------------------------
> > *
> > * Microsoft Excel Remote Code Execution Proof Of Concept.
> > * Tested against : Excel 2000 on Win XP SP1 , and Win2000 SP4
> > * Description:
> > * Microsoft Excel is prone to a remote code execution issue
> > * which may be triggered when a malformed Excel document is opened.
> > * The issue is due to an error in Excel while handling malformed URL
> > * strings. there may be other ways to trigger this vulnerability,
> > * successful exploitation could allow an attacker to execute
> > * arbitrary code with the privileges of the user running Excel.
> > *
> > * Code execution is dependent upon certain factors including the
> > * overflow condition, the MS Excel version and the host OS and SP.
> > * If you cannot get it to work, attach it with the debugger check
> > * the stack layout and the rest is on your imagination. :) :)
> > *
> > * Compile with MS VC++ or g++ ,it will generate the Excel file
> > * Clicking the link in the file binds the shell ,
> > * C:\nc localhost 4444
> > *
> > * Advisories:
> > * http://www.microsoft.com/technet/security/advisory/921365.mspx
> > * http://www.securityfocus.com/bid/18422/
> >
> > --clip--