Re: 2x 0day Microsoft Windows Excel

["ad () heapoverflow com" <ad () heapoverflow com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
I have got many questions about the severity of the bug , you can show
a demo yourself here:

http://heapoverflow.com/excelol/excel_like_hell.swf

ms will fixe this issue soon I'm sure, for me , job done, bye :>

ad () heapoverflow com wrote:
> after many hours working on excel I have found a critical excel bug
> exploitable. This is not a stack bof nor a heap bof , a bug
> extremely hard to find and trigger , but it conduct excel to
> execute any arbitrary codes while opening a malicious .xls file.
>
> note: the bug isn't related to both excel dos that I have already
> published but shows similiar to a null pointer bug at a first look.
>  much infos won't be disclosed publicly or privately and this will
> be transmitted to ms before the spyware loosers catch it :)
>
> > > I have said so this is only null pointer bugs but the way I
> > > trigger the bug might be modded for a remote code execution who
> > > know , I'm not a guru and maybe did an error triggering the
> > > flaw who knows :) but I bet many are already reasearching on
> > > this hehe, happy job!
>
>
>
> > > Let's go on the fast publishing :) I wont bother to message
> > > microsoft about this because they wont patch it for sure
> > > according that they can't patch fully exploitable bugs in a
> > > decent time, they do not patch IE dos
> > > (http://heapoverflow.com/IEcrash.htm), so no way to bother
> > > them, we should let them sleep a bit shhh ;)
> > >
> > > Bugs 1 and Bugs 2 are quite similiar but NOT, both are null
> > > pointer bugs . In bug1 you should mod a grafic's pointer to
> > > point to a bad area, and in bug 2 you should null out the size
> > > of the page name.
> > >
> > >
> > > attached are the 2 pocs, nor here are direct links
> > >
> > >
> > > http://heapoverflow.com/excelol/bug1.xls
> > > <http://heapoverflow.com/excelol/bug1.xls>
> > > http://heapoverflow.com/excelol/bug2.xls
> > > <http://heapoverflow.com/excelol/bug2.xls>
> > >
> > >
> > >
> > > Credits:
> > >
> > > AD [at] heapoverflow.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
 
iQIVAwUBQ8PL5a+LRXunxpxfAQIHNw/9H6aug9gm0orJmZGIEQ7vGSdDwZkOCLMO
Dw7pt6fzDFUKM3HeL3oR2gbQaPUZL57iuuY8NCKEoU3y5hiFm64nlWyGARu3ITW3
cuBVUWNpqvZzZbBU4mj9Rc5pG23Y8WrfsNRBAaJWJGjOTHacDsmn5sD0rIdwDXIP
pb7pDztp6C4yPkWKN+n/Y5I73M1a8ZI+34VvOSqyMM8eGGTbcnnzF4Uz/f/rhZm9
Mm6NBgdQhSOHNqPYz5RjQtrC8O9e8/C3Zekj/YKr1jB3HOa0jiBLDALG7VIQwK/b
49e+nUK3FxQ49ygoWSvVwP0+7cFOdOVZ8Ahfd0EVCnyAkxJ04Qa+L9rF0FGSO+M6
ljg0ma93De14rHj1O+mQvRpotuUGSWJsfeBSPVLAuODZBmcp7N+AE3E2vKUwGjr5
k+FJWHs2fRxCkXb55mic+1aFdWxZvnXDmpJt1t+QTcWDl4OL6/+Ovu/fPWzg2vcQ
i25RqdbsfKUnW2/QuoSrPzmgIc8s9UjIwFOj25eR0kUYMwjaugoGaYRMH0NdsSAK
MwQJuVGtI4FaKLzYrPQ6m/dOyIqdH0s9cUyXrpNUWByVgMtO+pBSHp9gyCj9lVGs
PfHEqYFQX2/xwJQ9QLJz+rCtATzcEjWkN2b79GOm622laRfFI0te/QJa/4BJLncp
LGgvT0HVO0k=
=smBn
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/