About the latest three Powerpoint vulnerabilities: exploitable?

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: About the latest three Powerpoint vulnerabilities: exploitable?
From: ewt@xxxxxxxxxxxxxxxx
Date: 18 Jul 2006 13:02:08 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

We have analyzed the three proof-of-concept documents recently posted on the 
mailing list, and they don't appear exploitable to us. Specifically:
 - powerpnt.exe: NULL pointer dereference, unusable. Are we missing anything?
 - memory corruption: we apparently control the address, but not the contents 
written to it. Doesn't appear usable
 - mso.dll: this didn't work for us. We see an integer overflow exception being 
raised with RaiseException, followed by a C++ exception, but no apparent side 
effects. PowerPoint complains, but closes cleanly and works fine thereafter

Is any of the three supposed to go beyond a local DoS? anyone else has analyzed 
them?

Prev by Date: hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities
Next by Date: ASP.DLL Include File Buffer Overflow
Previous by thread: hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities
Next by thread: ASP.DLL Include File Buffer Overflow
Index(es):
- Date
- Thread