Full Disclosure mailing list archives
Re: Microsoft Office Publisher 2010 memory corruption
From: Peter Ferrie <peter.ferrie () gmail com>
Date: Sun, 28 Oct 2012 18:48:23 -0700
I have discovered many crashes during testing MS product which i can discuss with authority responsible memory corruption during the handling of the pub files a context-dependent attacker can execute arbitrary code. ----
ecx=00000004 ... esi=00000000
...
MSVCR90!memmove+0x140: 7855b450 8b448ef0 mov eax,dword ptr [esi+ecx*4-10h] ds:0023:00000000=????????
This is a null pointer access. You have not demonstrated any control over the value in esi, so it is highly unlikely that it can be used for exploitation. We will investigate it, of course. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Office Publisher 2010 memory corruption kaveh ghaemmaghami (Oct 27)
- Re: Microsoft Office Publisher 2010 memory corruption Peter Ferrie (Oct 28)
- Re: Microsoft Office Publisher 2010 memory corruption Yuhong Bao (Oct 29)