Bugtraq mailing list archives
Shared section vulnerability when opening microsoft office document resulting in DoS
From: sylvain.roger () solucom fr
Date: 27 Jul 2005 07:36:46 -0000
There is a shared section vulnerability in office products when trying to open an office document with firefox. For example try to open a word document attached in a webmail. firefox.exe process will create a son winword.exe process (it only appears when the process is created with firefox not svchosts). When creating this process a shared section is created called \BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at the present time). The rights on this shared section are put on "everyone" for delete/synchronise/query/modify. this allows to write arbitrary data and to perform a Dos against ALL Office open applications. I do not manage to know if it is a firefox or Microsoft office vulnerability
Current thread:
- Shared section vulnerability when opening microsoft office document resulting in DoS sylvain . roger (Jul 27)