-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Let's go on the fast publishing :)
I wont bother to message microsoft about this because they wont patch it
for sure according that they can't patch fully exploitable bugs in a
decent time, they do not patch IE dos
(http://heapoverflow.com/IEcrash.htm), so no way to bother them, we
should let them sleep a bit shhh ;)
Bugs 1 and Bugs 2 are quite similiar but NOT, both are null pointer bugs
. In bug1 you should mod a grafic's pointer to point to a bad area, and
in bug 2 you should null out the size of the page name.
attached are the 2 pocs, nor here are direct links
http://heapoverflow.com/excelol/bug1.xls
http://heapoverflow.com/excelol/bug2.xls
Credits:
AD [at] heapoverflow.com
- -------------------
class101
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iQIVAwUBQ6aRBK+LRXunxpxfAQKSHxAAucyw3lKI7mfbc4y5wjRNDXP5UnE7WSuJ
Z0j5xR/O666IkJ6s9ymoOwIO8flK9IvBoPKO6G5CxK0QWJSqHahfj1JDnEQSslGr
HYe+IOhr0JZ94AnqiCzF1gRevFDtDD8dYhEk41TvEIs67x43gAoHW6m/eMTxgOfn
HaF+7X7O5ovYK4nAe8wy2dsk2vzbvx0WTnERX+a1c3/OBXp/z6KuEevL8HFGdkZu
lk57U8jSzoEAGGtwiPlv7IN67Oz58uOHvQmjYuZhaVzpGU8v55qszHeR/VGy4KZC
BKyFZlXUVZc1zj+OEdRIznoGvC62QAmHIxF863U1KDlZaUGtqOOQv15yugDmODOY
gwzNdBkKnMbrM9B2yskbQB3e9kI3kwwG0lOKydhuOViF4AScBb5ckrKHybjKnv8c
0Q7kqx/CeEVf0UcMaf69A5X5FeH8xC4zAKjiM5VXTgyPtKuO7t6Z9NkdO01AWjSz
QunfGmmOEu3x2BN/x3dZL9D4vt3Im+f592vrwkiAGwws5gMsq15recZy4LIEMz1Y
4Gaf5kxpYs4OSkVNZjLoFj9LPeH1sGL5pOp6mQMq8P+YzS3RovDPrBLI/Kt89C2/
ycOaPXmWP5dD/ZPRC+r2lmqWzdd9d9MXE/8XrNqHHHuods7SgMqbLwCQX0VTf3Fx
WCSSdl+ab+Q=
=8nFj
-----END PGP SIGNATURE-----
- application/vnd.ms-excel attachment: bug2_xls
- application/vnd.ms-excel attachment: bug1_xls
Received on Dec 19 2005
Intro
