lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050727073646.21882.qmail@securityfocus.com>
Date: 27 Jul 2005 07:36:46 -0000
From: sylvain.roger@...ucom.fr
To: bugtraq@...urityfocus.com
Subject: Shared section vulnerability when opening microsoft office
 document resulting in DoS


There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not svchosts). When creating this process a shared section is created called
\BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at
the present time). The rights on this shared section are put on "everyone" for
delete/synchronise/query/modify. this allows to write arbitrary data and to
perform a Dos against ALL Office open applications.

I do not manage to know if it is a firefox or Microsoft office vulnerability

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ