[<prev] [next>] [day] [month] [year] [list]
Message-ID: <27209392.35651151360935610.JavaMail.juha-matti.laurio@netti.fi>
Date: Mon Jun 26 23:29:02 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: MS Excel Remote Code Execution POC Exploit
OK, this message inluding MSRC Blog posting #437826 reached our inboxes some minutes ago because of moderating process.
- Juha-Matti
naveed <naveedafzal@...il.com> kirjoitti:
>
> yes i do have confirmed this in a post to bugtraq,the issue is with hlink.dll
>
> On 6/25/06, Juha-Matti Laurio <juha-matti.laurio@...ti.fi> wrote:
> > It appears that two references mentioned in code posting (see Advisories) are erroneous.
> > Code posting says about error while handling malformed URL strings; i.e. this is vulnerability mentioned at
> >
> > http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
> >
> > Let's say so-called 2nd Excel vulnerability reported within a week.
> > This issue is aka Windows hlink.dll vulnerability, see
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086
> >
> > - Juha-Matti
> >
> >
> > naveed <naveedafzal@...il.com> wrote:
> >
> > /*---------------------------------------------------------------------
> > *
> > * Microsoft Excel Remote Code Execution Proof Of Concept.
> > * Tested against : Excel 2000 on Win XP SP1 , and Win2000 SP4
> > * Description:
> > * Microsoft Excel is prone to a remote code execution issue
> > * which may be triggered when a malformed Excel document is opened.
> > * The issue is due to an error in Excel while handling malformed URL
> > * strings. there may be other ways to trigger this vulnerability,
> > * successful exploitation could allow an attacker to execute
> > * arbitrary code with the privileges of the user running Excel.
> > *
> > * Code execution is dependent upon certain factors including the
> > * overflow condition, the MS Excel version and the host OS and SP.
> > * If you cannot get it to work, attach it with the debugger check
> > * the stack layout and the rest is on your imagination. :) :)
> > *
> > * Compile with MS VC++ or g++ ,it will generate the Excel file
> > * Clicking the link in the file binds the shell ,
> > * C:\nc localhost 4444
> > *
> > * Advisories:
> > * http://www.microsoft.com/technet/security/advisory/921365.mspx
> > * http://www.securityfocus.com/bid/18422/
> >
> > --clip--
Powered by blists - more mailing lists