[guru] Fwd: [0-1-2-3@gmx.de: Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities]
DATE: Mon, 17 Jul 2006 15:58:20 +0200
DoS sebezhetőséget és több buffer overflow-t fedeztek fel a
Microsoft Works-ben.
----- Forwarded message from Benjamin Tobias Franz <0-1-2-3@gmx.de> -----
Date: Fri, 14 Jul 2006 16:18:46 +0200
From: Benjamin Tobias Franz <0-1-2-3@gmx.de>
To: bugtraq@securityfocus.com
Subject: Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities
... discovered by Benjamin Tobias Franz
Affected Vendor:
Microsoft
Affected Product:
Microsoft Works
Description:
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted
files. All supported file formats (except plain text files) are affected
(eight different bugs):
Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage
Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll)
Works for Windows 3.0 => Denial of Service (DoS) - Crash
Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash
Excel 97-2000 => Buffer Overrun
Excel 5.0/95 => Buffer Overrun
Excel 4.0 => Denial of Service (DoS) - Crash
Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll)
Exploitable:
Yes
Workaround:
Do not open any spreadsheet file from untrusted sources with Microsoft Works.
Proof-of-Concept files (simple demonstration files only):
http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip
Date of discovery:
10. - 13. Juli 2006
Tested software:
Microsoft Works 8.0 on Windows XP SP2
(wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4)
Possibly some of the bugs are fixed in version 8.5. Test it...
Regards,
Benjamin Tobias Franz,
Germany
----- End forwarded message -----