lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 25 Feb 2007 19:12:08 +0300
From: 3APA3A <3APA3A@...urity.nnov.ru>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Few unreported vulnerabilities by SehaTo

Hello lists,

 SehaTo  (sehato at yandex ru) reported few vulnerabilities in different
 Windows  applications.  Original  messages (in Russian) may be found at
 http://securityvulns.com/source16446.html

 1. Microsoft Windows Explorer corrupted WMF vulnerability
 http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html

 Windows   explorer  (explorer.exe)  crashes  on  browsing  folder  with
 corrupted WMF files.

 SecurityVulns  note:  from  the very fast debugging results analysis on
 Windows  XP  SP2, there is potential code execution possibility (memory
 corruption),  because  attacker-controllable  data  is used to contruct
 both  read  and write memory addresses. Deeper research of exploitation
 possibility was not performed.

 2. IfranView / Microsoft Office 2003 malformed WMF crash
 http://securityvulns.com/news/IrfanView/WMF/DoS.html

 IfranView  crashes  on  attempt to view malformed WMF, Microsoft Office
 crashes on attempt to insert corrupted WMF file.

 SecurityVulns note: because of relatively low impact, SecurityVulns did
 no research on this vulnerability.

 3. 2 different Microsoft Excel DoS conditions
 http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html

 2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
 XML and corrupted XLS formats).

 SecurityVulns  note: vulnerabilities confirmed on Microsoft Excel 2003.
 Both   vulnerabilities  are  of  NULL-pointer  dereference  type.  Code
 execution is probably impossible.

-- 
/3APA3A
http://securityvulns.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ