| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Dec 19 10:53:16 2005 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: 2x 0day Microsoft Windows Excel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Let's go on the fast publishing :) I wont bother to message microsoft about this because they wont patch it for sure according that they can't patch fully exploitable bugs in a decent time, they do not patch IE dos (http://heapoverflow.com/IEcrash.htm), so no way to bother them, we should let them sleep a bit shhh ;) Bugs 1 and Bugs 2 are quite similiar but NOT, both are null pointer bugs . In bug1 you should mod a grafic's pointer to point to a bad area, and in bug 2 you should null out the size of the page name. attached are the 2 pocs, nor here are direct links http://heapoverflow.com/excelol/bug1.xls http://heapoverflow.com/excelol/bug2.xls Credits: AD [at] heapoverflow.com - ------------------- class101 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ6aRBK+LRXunxpxfAQKSHxAAucyw3lKI7mfbc4y5wjRNDXP5UnE7WSuJ Z0j5xR/O666IkJ6s9ymoOwIO8flK9IvBoPKO6G5CxK0QWJSqHahfj1JDnEQSslGr HYe+IOhr0JZ94AnqiCzF1gRevFDtDD8dYhEk41TvEIs67x43gAoHW6m/eMTxgOfn HaF+7X7O5ovYK4nAe8wy2dsk2vzbvx0WTnERX+a1c3/OBXp/z6KuEevL8HFGdkZu lk57U8jSzoEAGGtwiPlv7IN67Oz58uOHvQmjYuZhaVzpGU8v55qszHeR/VGy4KZC BKyFZlXUVZc1zj+OEdRIznoGvC62QAmHIxF863U1KDlZaUGtqOOQv15yugDmODOY gwzNdBkKnMbrM9B2yskbQB3e9kI3kwwG0lOKydhuOViF4AScBb5ckrKHybjKnv8c 0Q7kqx/CeEVf0UcMaf69A5X5FeH8xC4zAKjiM5VXTgyPtKuO7t6Z9NkdO01AWjSz QunfGmmOEu3x2BN/x3dZL9D4vt3Im+f592vrwkiAGwws5gMsq15recZy4LIEMz1Y 4Gaf5kxpYs4OSkVNZjLoFj9LPeH1sGL5pOp6mQMq8P+YzS3RovDPrBLI/Kt89C2/ ycOaPXmWP5dD/ZPRC+r2lmqWzdd9d9MXE/8XrNqHHHuods7SgMqbLwCQX0VTf3Fx WCSSdl+ab+Q= =8nFj -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: bug2.xls Type: application/vnd.ms-excel Size: 13824 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051219/376e67d7/bug2.xls -------------- next part -------------- A non-text attachment was scrubbed... Name: bug1.xls Type: application/vnd.ms-excel Size: 13824 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051219/376e67d7/bug1.xls
Powered by blists - more mailing lists