Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME***

From: kcope <kingcope () gmx net>
Date: Wed, 21 Jun 2006 05:17:10 +0200
Hello FistFuXXer,
Very nice that you found that, since unicode overflows are not that easy to exploit. I didn't know that Spreadsheet-Perl converted the string into unicode and then put it 
into the file.
Very nice very nice :o) I like that 0x41414141 :o) weird I didn't even look into the 
hex edit of the xls file.

Best Regards,

kcope



FistFuXXer wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello kcope,

the vulnerability that you've found isn't an Unicode-based buffer
overflow, Spreadsheet-Perl just converts the string to Unicode and you
can edit it later with a hex editor.

It's just a simple stack overflow that overwrites the memory after the
return address. Until all the write-able stack memory is full and the
application tries to overwrite the read-only memory after it, an
exception happens. So you won't be able to exploit it by using the
return address of the vulnerable 'hlink' function but you can still use
the SE handler for exploitation.

It looks like Microsoft should release security patches ASAP.


Sincerely yours,
Manuel Santamarina Suarez


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: