Final word on "Word 2000 DDE error on Win2K"

[Oliver Reeves <Oliver.Reeves () compucat com au>]

Morning All,

Thanks to everyone for their responses.

The summary of responses (over 50 in total) is:

Word 2K All versions up to (but not including) 9.0.4402 SR-1 have this
problem.
> From 9.0.4402 SR-1 onwards it appears to be fixed.

Cheers
Oliver.

-----Original Message-----
From: Kevin J. Menard, Jr. [mailto:kmenard () WPI EDU]
Sent: Wednesday, 30 May 2001 12:24 AM
To: Oliver Reeves
Cc: 'VULN-DEV () securityfocus com'
Subject: Re: Word 2000 DDE error on Win2K


Hey Oliver,

This does not work for me:

Win2k SP1 and all hot fixes up to SP2
Word2k 9.0.4402 SR-1

-- 
 Kevin

Monday, May 28, 2001, 7:55:07 PM, you wrote:

OR> Morning All,

OR> I was playing around with word this morning, and found something quite
OR> interesting. I thought I'd post it to see what you all thought.

OR> I'm not sure if this is a known bug in Word 2000, and I can't find out
right
OR> now as I don't have web access from my PC at work.

OR> I can consistently crash Word 2000 using the following method:

OR> 1) Open up any text/document editor such as notepad or wordpad
OR> 2) type a single word (must be a known word, no punctuation).
OR> 3) highlight the whole word and CTRL+C
OR> 4) launch word 2000
OR> 5) CTRL+V
OR> 6) press HOME to take you to the start of the line
OR> 7) type I
OR> 8) hit the space bar

OR> this consistenly crashes word 2000 for me, and i get the following error
OR> message:

OR> DDE Server Window: WINWORD.EXE - Application Error
OR> The instruction at "0x3076a63e" referenced memory at "0x00000000". The
OR> memory could not be "read".

OR> I am running:
OR> Win2K 5.00.2195
OR> Word 2000 9.0.3821 SR-1

OR> I doubt that this would be exploitable, but I thought I'd find out if
any of
OR> you could reproduce it.

OR> Thanks
OR> Oliver.