RE: Word 2000 DDE error on Win2K

[Girard Pascal ThermoARL <pascal.girard () thermoarl com>]

I'm running :

  - Windows 2000 5.00.2195 US
  - Word 2000 9.0.2812 French

and was not abble to reproduce this behaviour on my
system. Note that I use it to test various product for
around 200 users with a happy mix of Win95/98/NT/2k french-english
(the base system is pure US, not multilanguage) and that 
the mess that lie on my system doesn't allow me 
to completly tell you the type/level of patch applied...

Regards
P.Girard


-----Original Message-----
From: Oliver Reeves [mailto:Oliver.Reeves () compucat com au]
Sent: Tuesday, May 29, 2001 1:55 AM
To: 'VULN-DEV () securityfocus com'
Subject: Word 2000 DDE error on Win2K


Morning All,

I was playing around with word this morning, and found something quite
interesting. I thought I'd post it to see what you all thought.

I'm not sure if this is a known bug in Word 2000, and I can't find out right
now as I don't have web access from my PC at work.

I can consistently crash Word 2000 using the following method:

1) Open up any text/document editor such as notepad or wordpad
2) type a single word (must be a known word, no punctuation).
3) highlight the whole word and CTRL+C
4) launch word 2000
5) CTRL+V
6) press HOME to take you to the start of the line
7) type I
8) hit the space bar

this consistenly crashes word 2000 for me, and i get the following error
message:

DDE Server Window: WINWORD.EXE - Application Error
The instruction at "0x3076a63e" referenced memory at "0x00000000". The
memory could not be "read".

I am running:
Win2K 5.00.2195
Word 2000 9.0.3821 SR-1

I doubt that this would be exploitable, but I thought I'd find out if any of
you could reproduce it.

Thanks
Oliver.