<<< Date Index >>>     <<< Thread Index >>>

Shared section vulnerability when opening microsoft office document resulting in DoS



There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not 
svchosts). When creating this process a shared section is created called
\BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at
the present time). The rights on this shared section are put on "everyone" for
delete/synchronise/query/modify. this allows to write arbitrary data and to
perform a Dos against ALL Office open applications.

I do not manage to know if it is a firefox or Microsoft office vulnerability