Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities
... discovered by Benjamin Tobias Franz
Affected Vendor:
Microsoft
Affected Product:
Microsoft Works
Description:
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted
files. All supported file formats (except plain text files) are affected
(eight different bugs):
Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage
Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll)
Works for Windows 3.0 => Denial of Service (DoS) - Crash
Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash
Excel 97-2000 => Buffer Overrun
Excel 5.0/95 => Buffer Overrun
Excel 4.0 => Denial of Service (DoS) - Crash
Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll)
Exploitable:
Yes
Workaround:
Do not open any spreadsheet file from untrusted sources with Microsoft
Works.
Proof-of-Concept files (simple demonstration files only):
http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip
Date of discovery:
10 - 13 July 2006
Tested software:
Microsoft Works 8.0 on Windows XP SP2
(wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4)
Possibly some of the bugs are fixed in version 8.5. Test it...
Regards,
Benjamin Tobias Franz,
Germany