Информационная безопасность
[RU] switch to English


Дополнительная информация

  DoS против Windows Explorer в Microsoft Windows

  Explorer WMF File Denial Of Service

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:26 февраля 2007 г.
Subject:Few unreported vulnerabilities by SehaTo

Hello lists,

SehaTo  (sehato at yandex ru) reported few vulnerabilities in different
Windows  applications.  Original  messages (in Russian) may be found at
http://securityvulns.com/source16446.html

1. Microsoft Windows Explorer corrupted WMF vulnerability
http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html

Windows   explorer  (explorer.exe)  crashes  on  browsing  folder  with
corrupted WMF files.

SecurityVulns  note:  from  the very fast debugging results analysis on
Windows  XP  SP2, there is potential code execution possibility (memory
corruption),  because  attacker-controllable  data  is used to contruct
both  read  and write memory addresses. Deeper research of exploitation
possibility was not performed.

2. IfranView / Microsoft Office 2003 malformed WMF crash
http://securityvulns.com/news/IrfanView/WMF/DoS.html

IfranView  crashes  on  attempt to view malformed WMF, Microsoft Office
crashes on attempt to insert corrupted WMF file.

SecurityVulns note: because of relatively low impact, SecurityVulns did
no research on this vulnerability.

3. 2 different Microsoft Excel DoS conditions
http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html

2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
XML and corrupted XLS formats).

SecurityVulns  note: vulnerabilities confirmed on Microsoft Excel 2003.
Both   vulnerabilities  are  of  NULL-pointer  dereference  type.  Code
execution is probably impossible.

--
/3APA3A
http://securityvulns.com/

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород