Full Disclosure mailing list archives

Re: Fuzzing Microsoft Office


From: Valdis.Kletnieks () vt edu
Date: Tue, 11 Jul 2006 09:29:15 -0400

On Tue, 11 Jul 2006 13:52:49 BST, Disco Jonny said:

> mate if you care, or give a shit.  I have over 300 *different* crashes
> in Word (total over 5k files that crash Word), from using two basic
> templates and then fuzzing them

Out of curiosity, how do you determine conclusively that they're in fact
different crashes, rather than just different symptoms of the same problem?

For instance, a bounds check on string A that trashes memory can manifest
as almost *anything*, as it depends on what the *next* thing in memory is, and
when/how it gets dereferenced.  This is particularly an issue when it's heap
corruption.  If the previous sentence had 2 bold strings, then thing B on
the heap gets splatted, causing one crash, but if there's an italic string,
then it's C that gets trashed, causing a different manifestation.

It's still the same bug with A though.

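A small crash-bucketing script, added here as an illustration and not part of the thread, that shows the overcounting described above: six constructed crash records from one fuzzing run are grouped by faulting address, by a hash of the top stack frames, and by the site of the first out-of-bounds write as a bounds-checking allocator (page heap, ASan) would report it, and the heap-corruption cases collapse into one bug only under the last key. All file names, addresses and symbol names are made up.

```python
import hashlib
from collections import defaultdict

# Constructed sample data (not from the thread, symbol names are made up): one
# record per fuzz case, with the faulting address, the top stack frames as a
# debugger prints them ("module!function+offset") and, when the case was re-run
# under a bounds-checking allocator, the function that did the bad write.
CRASHES = [
    {"file": "case001.doc", "fault_addr": 0x0C0C0C0C, "oob_write": "app!CopyStyleName",
     "frames": ["app!ParseStyleRun+0x1a", "app!LoadStyles+0x22e", "app!OpenDoc+0x9b"]},
    {"file": "case002.doc", "fault_addr": 0x0C0C0C0C, "oob_write": "app!CopyStyleName",
     "frames": ["app!ParseStyleRun+0x3c", "app!LoadStyles+0x22e", "app!OpenDoc+0x9b"]},
    # Same overflow, but this time it trashed a neighbouring font record, so
    # the crash surfaces in an unrelated function at document close.
    {"file": "case003.doc", "fault_addr": 0x41414141, "oob_write": "app!CopyStyleName",
     "frames": ["app!FreeFontEntry+0x12", "app!UnloadFonts+0x40", "app!CloseDoc+0x7"]},
    {"file": "case004.doc", "fault_addr": 0x00000004, "oob_write": None,
     "frames": ["app!ReadTable+0x5", "app!LoadTables+0x88", "app!OpenDoc+0x9b"]},
    {"file": "case005.doc", "fault_addr": 0x00000004, "oob_write": None,
     "frames": ["app!ReadTable+0x5", "app!LoadTables+0x88", "app!OpenDoc+0x9b"]},
    {"file": "case006.doc", "fault_addr": 0x0C0C0C10, "oob_write": "app!CopyStyleName",
     "frames": ["app!ParseStyleRun+0x1a", "app!LoadStyles+0x22e", "app!OpenDoc+0x9b"]},
]

def normalize_frame(frame):
    """Drop the +offset so different PCs inside one function compare equal."""
    return frame.split("+", 1)[0]

def stack_key(crash, depth=3):
    """Hash of the top `depth` normalised frames: the usual fuzzer bucketing key."""
    joined = "|".join(normalize_frame(f) for f in crash["frames"][:depth])
    return hashlib.sha1(joined.encode()).hexdigest()[:12]

def root_cause_key(crash, depth=3):
    """Prefer the site of the first out-of-bounds write; else the stack hash."""
    return crash["oob_write"] or stack_key(crash, depth)

def bucket(crashes, key):
    """Group crash file names by the value of key(crash)."""
    buckets = defaultdict(list)
    for crash in crashes:
        buckets[key(crash)].append(crash["file"])
    return dict(buckets)

def triage(crashes, depth=3):
    """How many 'different' crashes each keying scheme reports."""
    return {
        "by_address": len(bucket(crashes, lambda c: c["fault_addr"])),
        "by_stack": len(bucket(crashes, lambda c: stack_key(c, depth))),
        "by_root_cause": len(bucket(crashes, lambda c: root_cause_key(c, depth))),
    }
```

On this sample `triage(CRASHES)` reports 4 crashes by address, 3 by stack hash and 2 by root cause; case003 looks like an unrelated crash under the first two keys and is only tied back to the style-name overflow once the bad write itself is caught.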

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
