Few unreported vulnerabilities by SehaTo
Hello lists,
SehaTo (sehato at yandex ru) reported few vulnerabilities in different
Windows applications. Original messages (in Russian) may be found at
http://securityvulns.com/source16446.html
1. Microsoft Windows Explorer corrupted WMF vulnerability
http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html
Windows explorer (explorer.exe) crashes on browsing folder with
corrupted WMF files.
SecurityVulns note: from the very fast debugging results analysis on
Windows XP SP2, there is potential code execution possibility (memory
corruption), because attacker-controllable data is used to contruct
both read and write memory addresses. Deeper research of exploitation
possibility was not performed.
2. IfranView / Microsoft Office 2003 malformed WMF crash
http://securityvulns.com/news/IrfanView/WMF/DoS.html
IfranView crashes on attempt to view malformed WMF, Microsoft Office
crashes on attempt to insert corrupted WMF file.
SecurityVulns note: because of relatively low impact, SecurityVulns did
no research on this vulnerability.
3. 2 different Microsoft Excel DoS conditions
http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html
2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
XML and corrupted XLS formats).
SecurityVulns note: vulnerabilities confirmed on Microsoft Excel 2003.
Both vulnerabilities are of NULL-pointer dereference type. Code
execution is probably impossible.
--
/3APA3A
http://securityvulns.com/