<<< Date Index >>>     <<< Thread Index >>>

Few unreported vulnerabilities by SehaTo



Hello lists,

 SehaTo  (sehato at yandex ru) reported few vulnerabilities in different
 Windows  applications.  Original  messages (in Russian) may be found at
 http://securityvulns.com/source16446.html

 1. Microsoft Windows Explorer corrupted WMF vulnerability
 http://securityvulns.com/news/Microsoft/Windows/Explorer/DoS.html

 Windows   explorer  (explorer.exe)  crashes  on  browsing  folder  with
 corrupted WMF files.

 SecurityVulns  note:  from  the very fast debugging results analysis on
 Windows  XP  SP2, there is potential code execution possibility (memory
 corruption),  because  attacker-controllable  data  is used to contruct
 both  read  and write memory addresses. Deeper research of exploitation
 possibility was not performed.

 2. IfranView / Microsoft Office 2003 malformed WMF crash
 http://securityvulns.com/news/IrfanView/WMF/DoS.html

 IfranView  crashes  on  attempt to view malformed WMF, Microsoft Office
 crashes on attempt to insert corrupted WMF file.

 SecurityVulns note: because of relatively low impact, SecurityVulns did
 no research on this vulnerability.

 3. 2 different Microsoft Excel DoS conditions
 http://securityvulns.com/news/Microsoft/Excel/XML/DoS.html

 2 different crashes in Microsoft Excel on parsing .XLS files (corrupted
 XML and corrupted XLS formats).

 SecurityVulns  note: vulnerabilities confirmed on Microsoft Excel 2003.
 Both   vulnerabilities  are  of  NULL-pointer  dereference  type.  Code
 execution is probably impossible.

-- 
/3APA3A
http://securityvulns.com/