Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Few unreported vulnerabilities by SehaTo
From: 3APA3A <3APA3A () security nnov ru>
Date: Sun, 25 Feb 2007 19:12:08 +0300

Hello lists,

 SehaTo  (sehato at yandex ru) reported few vulnerabilities in different
 Windows  applications.  Original  messages (in Russian) may be found at
 http://securityvulns.com/source16446.html

 1. Microsoft Windows Explorer corrupted WMF vulnerability
 http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html

 Windows   explorer  (explorer.exe)  crashes  on  browsing  folder  with
 corrupted WMF files.

 SecurityVulns  note:  from  the very fast debugging results analysis on
 Windows  XP  SP2, there is potential code execution possibility (memory
 corruption),  because  attacker-controllable  data  is used to contruct
 both  read  and write memory addresses. Deeper research of exploitation
 possibility was not performed.

 2. IfranView / Microsoft Office 2003 malformed WMF crash
 http://securityvulns.com/news/IrfanView/WMF/DoS.html

 IfranView  crashes  on  attempt to view malformed WMF, Microsoft Office
 crashes on attempt to insert corrupted WMF file.

 SecurityVulns note: because of relatively low impact, SecurityVulns did
 no research on this vulnerability.

 3. 2 different Microsoft Excel DoS conditions
 http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html

 2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
 XML and corrupted XLS formats).

 SecurityVulns  note: vulnerabilities confirmed on Microsoft Excel 2003.
 Both   vulnerabilities  are  of  NULL-pointer  dereference  type.  Code
 execution is probably impossible.

-- 
/3APA3A
http://securityvulns.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Few unreported vulnerabilities by SehaTo 3APA3A (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]