Message-ID: <a116aff00607100847o16891682k5c437bd33fc82efd@mail.gmail.com>
Date: Mon, 10 Jul 2006 20:47:21 +0500
From: naveed <naveedafzal@...il.com>
To: bugtraq@...urityfocus.com
Subject: MS Word Unchecked Boundary Condition Vulnerability
/*------------------------------------------------------------
* Microsoft Word unchecked boundary condition vulnerability.
* ---------------------------------------------------------
* One of the functions in mso.dll (older versions mso9.dll)
* cannot properly handle specially crafted files, causing
* invalid memory access and in some cases arbitrary overwrites.
* The exported function LsCreateLine (entry : mso_203) contains a boundary
* error while parsing certain specially crafted .DOC files, resulting in
* an invalid memory access.
*
* The following proof-of-concept code generates a .doc file; opening
* the file will cause an access violation in mso.dll.
* Code execution is possible if 4 bytes of arbitrary memory
* are overwritten. Apparently this is not specific to MS Word
* only; other Office products which use these functions are
* also vulnerable. No other user interaction is required in order to
* trigger the vulnerability.
*
* Affected Products: Microsoft Office
* Tested against : Microsoft Word 2003, 2002, 2000
*
* // naveed afzal
*------------------------------------------------------------*/
Proof-of-concept code is available here:
http://www.bsdpakistan.org/downloads/wordPOC.c