Bugtraq mailing list archives
Re: The newest Word flaw is due to malformed data structure handling
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Thu, 14 Dec 2006 20:14:10 +0200 (EET)
And without any reasonable technical details it is very difficult to give a title field for the vulnerability. Several advisories using titles like Word Unspecified Code Execution Vulnerability or Word Code Execution Vulnerability #2, #3 are not the trend we want. Related to the newest Word issue US-CERT assigned a good title: Microsoft Word malformed pointer vulnerability http://www.kb.cert.org/vuls/id/996892 - Juha-MattiAlexander Sotirov <asotirov () determina com> wrote:
Juha-Matti Laurio wrote: > Related to the newest MS Word 0-day > http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx> > US-CERT Vulnerability Note VU#166700 released today lists the following> new technical detail:> > "Microsoft Word fails to properly handle malformed data structures> allowing memory corruption to occur." > http://www.kb.cert.org/vuls/id/166700 I appreciate your efforts to keep the community informed, but these kinds of "technical details" are completely useless. It's not your fault, this has been a long-standing problem with the information from coming from the likes of CERT and MSRC. Almost all Office vulnerabilities (and security issues in file parsers in general) are a result of "malfromed data structures allowing memory corruption to occur". Repeating this statement for every Word bug doesn't tell us anything new. Descriptions of vulnerabilities, especially ones that are found in the wild, should include enough information to allow researchers to uniquely identify the new vulnerability and differentiate it from all other bugs, both known ones and 0days. Without that level of detail, you end up with this: http://www.securityfocus.com/archive/1/443288 Alex
Current thread:
- The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 11)
- Re: The newest Word flaw is due to malformed data structure handling Alexander Sotirov (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Dave "No, not that one" Korn (Dec 12)
- <Possible follow-ups>
- Re: Re: The newest Word flaw is due to malformed data structure handling test (Dec 12)
- Re: The newest Word flaw is due to malformed data structure handling Steven M. Christey (Dec 14)
- Re: The newest Word flaw is due to malformed data structure handling Juha-Matti Laurio (Dec 14)