SECURITYVULNS:DOC:16628
Apr 09, 2007 - 12:00 a.m.

[Full-disclosure] Some 0day Pocs

Mati Aharoni

muts [.@.] offensive-security.com

http://www.offensive-security.com

My 7 line Python fuzzer found several file format bugs in 3 hours. Quite
alarming.

No deep analysis was done, I leave that to the community.

These are some of the results:

file789-1.doc - Unspecified Overflow in Word 2007 - Crash in wwlib.dll -
Code execution is not trivial.

file798-1.doc - Word 2007 CPU exhaustion DOS - CPU shoots up to 100 %.

file613-1.doc - Word 2007 CPU exhaustion DOS + ding - CPU shoots up to 100
%, and Windows goes "ding!"

evil.hlp - Heap overflow in Windows HLP files - Funky heap overflow crash,
more than meets the eye (does this sound familiar to anyone?)

These files can be found at
http://www.offensive-security.com/0day/0day.tar.gz

Be safe,

Muts