It reminds me my question from GNAA Security Team when i got seek from their exploitions.
How can i make sure a software is not exploitable? (( The short answer is simple assume every software is exploitable and remove it. )) 2012/10/29 kaveh ghaemmaghami <kavehghaemmagh...@googlemail.com> > It reminds me my question from VUPEN Security Team when i got seek > from their exploitions > > How can i make sure a crash is not exploitable? (( The short answer is > simple assume every crash is exploitable and just fix it.)) > > Best Regards > > On Mon, Oct 29, 2012 at 5:47 AM, kaveh ghaemmaghami > <kavehghaemmagh...@googlemail.com> wrote: > > Hello list > > > > Dear Peter and others please take a look @ it > > > > Best Regards > > Kaveh Ghaemmaghami > > > > Title : Microsoft Office Excel 2010 memory corruption > > Version : Microsoft Office professional Plus 2010 > > Date : 2012-10-27 > > Vendor : http://office.microsoft.com > > Impact : Med/High > > Contact : coolkaveh [at] rocketmail.com > > Twitter : @coolkaveh > > tested : XP SP3 ENG > > > ############################################################################### > > Bug : > > ---- > > memory corruption during the handling of the xls files a > > context-dependent attacker > > can execute arbitrary code (need investigate ) > > ---- > > > ################################################################################ > > (b4c.1350): Access violation - code c0000005 (first chance) > > First chance exceptions are reported before any exception handling. > > This exception may be expected and handled. > > eax=00000584 > > ebx=00135070 > > ecx=00001000 > > edx=0000105f > > esi=06a80800 > > edi=00000040 > > eip=301ce0d0 > > esp=001302f0 > > ebp=00131d6c iopl=0 nv up ei pl zr na pe nc > > cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 > efl=00010246 > > *** ERROR: Symbol file could not be found. Defaulted to export > > symbols for Excel.exe - > > Excel!Ordinal40+0x1ce0d0: > > 301ce0d0 668b5008 mov dx,word ptr [eax+8] > ds:0023:0000058c=???? > > > ################################################################################ > > Proof of concept included. > > http://www36.zippyshare.com/v/48422905/file.html > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
