| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Oct 2012 18:48:23 -0700 From: Peter Ferrie <peter.ferrie@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: Microsoft Office Publisher 2010 memory corruption > I have discovered many crashes during testing MS product which i can > discuss with authority responsible > memory corruption during the handling of the pub files a > context-dependent attacker can execute arbitrary code. > ---- > ecx=00000004 ... esi=00000000 ... > MSVCR90!memmove+0x140: > 7855b450 8b448ef0 mov eax,dword ptr [esi+ecx*4-10h] > ds:0023:00000000=???????? This is a null pointer access. You have not demonstrated any control over the value in esi, so it is highly unlikely that it can be used for exploitation. We will investigate it, of course. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists