Few unreported vulnerabilities by SehaTo Feb 25 2007 04:12PM
3APA3A (3APA3A security nnov ru)
Hello lists,

SehaTo (sehato at yandex ru) reported few vulnerabilities in different
Windows applications. Original messages (in Russian) may be found at

1. Microsoft Windows Explorer corrupted WMF vulnerability

Windows explorer (explorer.exe) crashes on browsing folder with
corrupted WMF files.

SecurityVulns note: from the very fast debugging results analysis on
Windows XP SP2, there is potential code execution possibility (memory
corruption), because attacker-controllable data is used to contruct
both read and write memory addresses. Deeper research of exploitation
possibility was not performed.

2. IfranView / Microsoft Office 2003 malformed WMF crash

IfranView crashes on attempt to view malformed WMF, Microsoft Office
crashes on attempt to insert corrupted WMF file.

SecurityVulns note: because of relatively low impact, SecurityVulns did
no research on this vulnerability.

3. 2 different Microsoft Excel DoS conditions

2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
XML and corrupted XLS formats).

SecurityVulns note: vulnerabilities confirmed on Microsoft Excel 2003.
Both vulnerabilities are of NULL-pointer dereference type. Code
execution is probably impossible.


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus