Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


Re: [security-alerts] FYI: 2x 0day Microsoft Windows Excel



Kazennov, Vladimir wrote:

Colleagues, here is something more real. If anyone is going to analyze it,
please say how serious it is.


----------
Message: 3
Date: Mon, 19 Dec 2005 11:52:52 +0100
From: "ad@xxxxxxxxxxxxxxxx" <ad@xxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] 2x 0day Microsoft Windows Excel
To: full-disclosure@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Message-ID: <43A69104.9080904@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's go on the fast publishing :)
I won't bother to message microsoft about this because they won't patch it
for sure according that they can't patch fully exploitable bugs in a
decent time, they do not patch IE dos
(http://heapoverflow.com/IEcrash.htm), so no way to bother them, we
should let them sleep a bit shhh ;)

Bugs 1 and Bugs 2 are quite similar but NOT, both are null pointer bugs.
In bug1 you should mod a graphic's pointer to point to a bad area, and
in bug 2 you should null out the size of the page name.

I didn't quite get what the catch is there. They look like normal files. Or does this have to be done inside IE?


attached are the 2 pocs, nor here are direct links


http://heapoverflow.com/excelol/bug1.xls
http://heapoverflow.com/excelol/bug2.xls



Credits:

AD [at] heapoverflow.com







--
Alexander Dilevsky
mailto:dil@xxxxxx




 



