Re: 2x 0day Microsoft Windows Excel
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Tue, 10 Jan 2006 15:59:50 +0100
I have got many questions about the severity of the bug, you can show
a demo yourself here:
ms will fix this issue soon I'm sure, for me, job done, bye :>
ad () heapoverflow com wrote:
after many hours working on excel I have found a critical excel bug
exploitable. This is not a stack bof nor a heap bof, a bug
extremely hard to find and trigger, but it conducts excel to
execute any arbitrary code while opening a malicious .xls file.
note: the bug isn't related to both excel dos that I have already
published but shows similar to a null pointer bug at a first look.
much info won't be disclosed publicly or privately and this will
be transmitted to ms before the spyware losers catch it :)
I have said so this is only null pointer bugs but the way I
trigger the bug might be modded for a remote code execution who
knows, I'm not a guru and maybe did an error triggering the
flaw who knows :) but I bet many are already researching on
this hehe, happy job!
Let's go on the fast publishing :) I won't bother to message
microsoft about this because they won't patch it for sure
according that they can't patch fully exploitable bugs in a
decent time, they do not patch IE dos
(http://heapoverflow.com/IEcrash.htm), so no way to bother
them, we should let them sleep a bit shhh ;)
Bugs 1 and Bugs 2 are quite similar but NOT, both are null
pointer bugs. In bug1 you should mod a graphic's pointer to
point to a bad area, and in bug 2 you should null out the size
of the page name.
attached are the 2 pocs, or here are direct links
AD [at] heapoverflow.com
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/