Message-ID: <4498BA36.5050702@gmx.net>
Date: Wed Jun 21 04:17:28 2006
From: kingcope at gmx.net (kcope)
Subject: ***ULTRALAME*** Microsoft Excel Unicode Overflow
	***ULTRALAME***

Hello FistFuXXer,
Very nice that you found that, since Unicode overflows are not that easy
to exploit.
I didn't know that Spreadsheet-Perl converted the string into Unicode
and then put it into the file.
Very nice very nice :o) I like that 0x41414141 :o) Weird, I didn't even
look into the hex edit of the xls file.

Best Regards,

kcope



FistFuXXer wrote:
> Hello kcope,
>
> the vulnerability that you've found isn't a Unicode-based buffer
> overflow, Spreadsheet-Perl just converts the string to Unicode and you
> can edit it later with a hex editor.
>
> It's just a simple stack overflow that overwrites the memory after the
> return address. Until all the writable stack memory is full and the
> application tries to overwrite the read-only memory after it, an
> exception happens. So you won't be able to exploit it by using the
> return address of the vulnerable 'hlink' function but you can still use
> the SE handler for exploitation.
>
> It looks like Microsoft should release security patches ASAP.
>
>
> Sincerely yours,
> Manuel Santamarina Suarez
>   
