lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <026901c6a750$6c702930$094c3359@namea0073fcd77>
Date: Fri, 14 Jul 2006 16:18:46 +0200
From: "Benjamin Tobias Franz" <0-1-2-3@....de>
To: <bugtraq@...urityfocus.com>
Subject: Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities


Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities
... discovered by Benjamin Tobias Franz

Affected Vendor:
Microsoft

Affected Product:
Microsoft Works

Description:
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted
files. All supported file formats (except plain text files) are affected
(eight different bugs):
Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage
Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll)
Works for Windows 3.0 => Denial of Service (DoS) - Crash
Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash
Excel 97-2000 => Buffer Overrun
Excel 5.0/95 => Buffer Overrun
Excel 4.0 => Denial of Service (DoS) - Crash
Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll)

Exploitable:
Yes

Workaround:
Do not open any spreadsheet file from untrusted sources with Microsoft 
Works.

Proof-of-Concept files (simple demonstration files only):
http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip

Date of discovery:
10. - 13. Juli 2006

Tested software:
Microsoft Works 8.0 on Windows XP SP2
(wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4)

Possibly some of the bugs are fixed in version 8.5. Test it...


Regards,

Benjamin Tobias Franz,
Germany 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ