Home page logo
/

bugtraq logo Bugtraq mailing list archives

Shared section vulnerability when opening microsoft office document resulting in DoS
From: sylvain.roger () solucom fr
Date: 27 Jul 2005 07:36:46 -0000

There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not svchosts). When creating this process a shared 
section is created called
\BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at
the present time). The rights on this shared section are put on "everyone" for
delete/synchronise/query/modify. this allows to write arbitrary data and to
perform a Dos against ALL Office open applications.

I do not manage to know if it is a firefox or Microsoft office vulnerability


  By Date           By Thread  

Current thread:
  • Shared section vulnerability when opening microsoft office document resulting in DoS sylvain . roger (Jul 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]