Bugtraq mailing list archives
StarOffice 5.1
From: lcamtuf () TPI PL (Michal Zalewski)
Date: Sun, 16 Apr 2000 16:11:29 +0200
Do you remember recent Microsoft Word (and Wordpad) vulnerabilities while reading .rtf documents? I realized that Sun StarOffice 5.1 is at least as buggy as M$ products.

There are a lot of ways to cause overflow and crash (or execution of arbitrary code) while viewing documents - starting from html with <a href="file://aaaaaaaaalotof...">, which will cause crash on opening this document itself (you don't have to click that link). Also, any other document with such hyperlink should cause instant crash (try saving SO native document - .sdw - with some hyperlinks, then modifying it with binary editor).

Just one example. Beautiful overflow while doing strcpy().

1:1, Microsoft's move ;)

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
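The bug class named in the post, as an added example that is not part of the original message and is not StarOffice code: a document-controlled hyperlink target copied with strcpy() into a fixed buffer, next to a bounded extraction that rejects an overlong or unterminated href. The buffer size `URL_MAX` and the functions `store_link_unsafe`, `extract_href` and `make_doc` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_MAX 256 /* assumed size of the viewer's fixed link buffer */

/* Pattern the post describes (hypothetical, never called here): the copy
 * length is chosen by the document, not by the destination. */
void store_link_unsafe(char dst[URL_MAX], const char *href) {
    strcpy(dst, href); /* overflows dst when strlen(href) >= URL_MAX */
}

/* Copy the first href="..." value in html into dst.
 * Returns its length, or -1 if absent, unterminated or too long. */
long extract_href(const char *html, char *dst, size_t dst_size) {
    static const char key[] = "href=\"";
    if (!html || !dst || dst_size == 0) return -1;
    dst[0] = '\0';
    const char *start = strstr(html, key);
    if (!start) return -1;
    start += sizeof key - 1;
    const char *end = strchr(start, '"');
    if (!end) return -1;                 /* no closing quote */
    size_t len = (size_t)(end - start);
    if (len >= dst_size) return -1;      /* reject, do not truncate */
    memcpy(dst, start, len);
    dst[len] = '\0';
    return (long)len;
}

/* Constructed sample: an anchor whose file:// target has n filler bytes. */
void make_doc(char *out, size_t out_size, size_t n) {
    static const char head[] = "<a href=\"file://", tail[] = "\">x</a>";
    if (out_size == 0) return;
    out[0] = '\0';
    if (sizeof head - 1 + n + sizeof tail > out_size) return;
    memcpy(out, head, sizeof head - 1);
    memset(out + sizeof head - 1, 'a', n);
    memcpy(out + sizeof head - 1 + n, tail, sizeof tail);
}

int main(void) {
    char doc[8192], link[URL_MAX];
    size_t sizes[] = { 10, 4096 };
    for (size_t i = 0; i < 2; i++) {
        make_doc(doc, sizeof doc, sizes[i]);
        long r = extract_href(doc, link, sizeof link);
        printf("%zu filler bytes -> %ld\n", sizes[i], r);
    }
    return 0;
}
```

Rejecting the link outright, rather than truncating it, keeps the stored value identical to what the document declared and gives the caller a clear error to log.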