Full Disclosure mailing list archives
Re: Microsoft Office Excel 2010 memory corruption
From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Mon, 29 Oct 2012 22:21:24 +0330
Would you consider software that is used to open local documents and crashes when you feed it corrupt data defective? GNAA Security Team considered On Mon, Oct 29, 2012 at 5:47 AM, kaveh ghaemmaghami <kavehghaemmaghami () googlemail com> wrote:
Hello list Dear Peter and others please take a look @ it Best Regards Kaveh Ghaemmaghami Title : Microsoft Office Excel 2010 memory corruption Version : Microsoft Office professional Plus 2010 Date : 2012-10-27 Vendor : http://office.microsoft.com Impact : Med/High Contact : coolkaveh [at] rocketmail.com Twitter : @coolkaveh tested : XP SP3 ENG ############################################################################### Bug : ---- memory corruption during the handling of the xls files a context-dependent attacker can execute arbitrary code (need investigate ) ---- ################################################################################ (b4c.1350): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000584 ebx=00135070 ecx=00001000 edx=0000105f esi=06a80800 edi=00000040 eip=301ce0d0 esp=001302f0 ebp=00131d6c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 *** ERROR: Symbol file could not be found. Defaulted to export symbols for Excel.exe - Excel!Ordinal40+0x1ce0d0: 301ce0d0 668b5008 mov dx,word ptr [eax+8] ds:0023:0000058c=???? ################################################################################ Proof of concept included. http://www36.zippyshare.com/v/48422905/file.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Microsoft Office Excel 2010 memory corruption, (continued)
- Re: Microsoft Office Excel 2010 memory corruption Kelvin White (Oct 30)
- Re: Microsoft Office Excel 2010 memory corruption Michael Simpson (Oct 30)
- Message not available
- Re: Microsoft Office Excel 2010 memory corruption Michael Simpson (Oct 30)
- Re: Microsoft Office Excel 2010 memory corruption Antony widmal (Oct 29)
- Re: Microsoft Office Excel 2010 memory corruption Thor (Hammer of God) (Oct 29)
- Re: Microsoft Office Excel 2010 memory corruption Richard Miles (Oct 30)