Full Disclosure mailing list archives
Re: MS Excel Remote Code Execution POC Exploit
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 27 Jun 2006 01:28:55 +0300 (EEST)
OK, this message including MSRC Blog posting #437826 reached our inboxes some minutes ago because of moderating process.

- Juha-Matti

naveed <naveedafzal () gmail com> wrote:

yes i do have confirmed this in a post to bugtraq, the issue is with hlink.dll

On 6/25/06, Juha-Matti Laurio <juha-matti.laurio () netti fi> wrote:
> It appears that two references mentioned in code posting (see Advisories) are erroneous.
> Code posting says about error while handling malformed URL strings; i.e. this is vulnerability mentioned at
>
> http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
>
> Let's say so-called 2nd Excel vulnerability reported within a week.
> This issue is aka Windows hlink.dll vulnerability, see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086
>
> - Juha-Matti
>
>
> naveed <naveedafzal () gmail com> wrote:
>
> /*---------------------------------------------------------------------
> *
> * Microsoft Excel Remote Code Execution Proof Of Concept.
> * Tested against : Excel 2000 on Win XP SP1 , and Win2000 SP4
> * Description:
> * Microsoft Excel is prone to a remote code execution issue
> * which may be triggered when a malformed Excel document is opened.
> * The issue is due to an error in Excel while handling malformed URL
> * strings. there may be other ways to trigger this vulnerability,
> * successful exploitation could allow an attacker to execute
> * arbitrary code with the privileges of the user running Excel.
> *
> * Code execution is dependent upon certain factors including the
> * overflow condition, the MS Excel version and the host OS and SP.
> * If you cannot get it to work, attach it with the debugger check
> * the stack layout and the rest is on your imagination. :) :)
> *
> * Compile with MS VC++ or g++ ,it will generate the Excel file
> * Clicking the link in the file binds the shell ,
> * C:\nc localhost 4444
> *
> * Advisories:
> * http://www.microsoft.com/technet/security/advisory/921365.mspx
> * http://www.securityfocus.com/bid/18422/
>
> --clip--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MS Excel Remote Code Execution POC Exploit naveed (Jun 21)
- Delete button Joel Esler (Jun 22)
- Re: Delete button Cardoso (Jun 22)
- <Possible follow-ups>
- Re: MS Excel Remote Code Execution POC Exploit Juha-Matti Laurio (Jun 24)
- Re: MS Excel Remote Code Execution POC Exploit naveed (Jun 25)
- Re: MS Excel Remote Code Execution POC Exploit Juha-Matti Laurio (Jun 26)