lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 18 Jan 2010 18:02:05 -0700
From: karakorsankara@...mail.com
To: bugtraq@...urityfocus.com
Subject: OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability

Product:

OpenOffice

Tested Vulnerable Versions:

3.1.1 and 3.1.0

Vulnerability:

Null Pointer

Description:

Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.

Opening a malformed ".slk" file with Openoffice, causes a crash on "soffice.bin"


PoC:

http://tcc.hellcode.net/sploitz/slk.rar

Credits:
karak0rsan and murderkey from Hellcode Research

The Computer Cheats (TCC)

Urls:

tcc.hellcode.net

forum.hellcode.net

Powered by blists - more mailing lists