lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <43A69104.9080904@heapoverflow.com>
Date: Mon Dec 19 10:53:16 2005
From: ad at heapoverflow.com (ad@...poverflow.com)
Subject: 2x 0day Microsoft Windows Excel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's go on the fast publishing :)
I wont bother to message microsoft about this because they wont patch it
for sure according that they can't patch fully exploitable bugs in a
decent time, they do not patch IE dos
(http://heapoverflow.com/IEcrash.htm), so no way to bother them, we
should let them sleep a bit shhh ;)

Bugs 1 and Bugs 2 are quite similiar but NOT, both are null pointer bugs
. In bug1 you should mod a grafic's pointer to point to a bad area, and
in bug 2 you should null out the size of the page name.


attached are the 2 pocs, nor here are direct links


http://heapoverflow.com/excelol/bug1.xls
http://heapoverflow.com/excelol/bug2.xls



Credits:

AD [at] heapoverflow.com



- -------------------

class101
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iQIVAwUBQ6aRBK+LRXunxpxfAQKSHxAAucyw3lKI7mfbc4y5wjRNDXP5UnE7WSuJ
Z0j5xR/O666IkJ6s9ymoOwIO8flK9IvBoPKO6G5CxK0QWJSqHahfj1JDnEQSslGr
HYe+IOhr0JZ94AnqiCzF1gRevFDtDD8dYhEk41TvEIs67x43gAoHW6m/eMTxgOfn
HaF+7X7O5ovYK4nAe8wy2dsk2vzbvx0WTnERX+a1c3/OBXp/z6KuEevL8HFGdkZu
lk57U8jSzoEAGGtwiPlv7IN67Oz58uOHvQmjYuZhaVzpGU8v55qszHeR/VGy4KZC
BKyFZlXUVZc1zj+OEdRIznoGvC62QAmHIxF863U1KDlZaUGtqOOQv15yugDmODOY
gwzNdBkKnMbrM9B2yskbQB3e9kI3kwwG0lOKydhuOViF4AScBb5ckrKHybjKnv8c
0Q7kqx/CeEVf0UcMaf69A5X5FeH8xC4zAKjiM5VXTgyPtKuO7t6Z9NkdO01AWjSz
QunfGmmOEu3x2BN/x3dZL9D4vt3Im+f592vrwkiAGwws5gMsq15recZy4LIEMz1Y
4Gaf5kxpYs4OSkVNZjLoFj9LPeH1sGL5pOp6mQMq8P+YzS3RovDPrBLI/Kt89C2/
ycOaPXmWP5dD/ZPRC+r2lmqWzdd9d9MXE/8XrNqHHHuods7SgMqbLwCQX0VTf3Fx
WCSSdl+ab+Q=
=8nFj
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug2.xls
Type: application/vnd.ms-excel
Size: 13824 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051219/376e67d7/bug2.xls
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug1.xls
Type: application/vnd.ms-excel
Size: 13824 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051219/376e67d7/bug1.xls

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ