Full Disclosure mailing list archives
Re: Microsoft Office Excel 2010 memory corruption
From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Mon, 29 Oct 2012 21:42:36 +0330
Thank you Jeff, please tell me this is not exploitable
http://www.exploit-db.com/exploits/22237/

------------------------------------------------------------

All the crashes which I gave, I know, are not that easy to exploit. I just wanted to prove how easy it is to crash MS, and I wanted to know MS's opinion about any flaws. So I am not going to give any crashes for free as far as I can sell it to ZDI, which I know is exploitable, or I can exploit it for proof of concept. And I will leave the other crashes to exploit dev experts and crash analyzers to exploit them and enjoy the flaws.

Thank you everyone for sharing.

Best Regards

On Mon, Oct 29, 2012 at 5:47 AM, kaveh ghaemmaghami <kavehghaemmaghami () googlemail com> wrote:
Hello list,
Dear Peter and others, please take a look at it.

Best Regards
Kaveh Ghaemmaghami

Title   : Microsoft Office Excel 2010 memory corruption
Version : Microsoft Office professional Plus 2010
Date    : 2012-10-27
Vendor  : http://office.microsoft.com
Impact  : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested  : XP SP3 ENG

###############################################################################
Bug :
----
Memory corruption during the handling of the xls files; a context-dependent attacker can execute arbitrary code (needs investigation)
----
################################################################################

(b4c.1350): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000584 ebx=00135070 ecx=00001000 edx=0000105f esi=06a80800 edi=00000040
eip=301ce0d0 esp=001302f0 ebp=00131d6c iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Excel.exe -
Excel!Ordinal40+0x1ce0d0:
301ce0d0 668b5008 mov dx,word ptr [eax+8] ds:0023:0000058c=????

################################################################################

Proof of concept included.
http://www36.zippyshare.com/v/48422905/file.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/