Microsoft Word 2007 WWLib.DLL Buffer Overflow Vulnerability

forkb0mb.org

Calendar

Back June '13
Mon Tue Wed Thu Fri Sat Sun
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

Quicksearch

Categories


All categories

Archives

Blog Administration

Open login screen

Microsoft Word 2007 WWLib.DLL Buffer Overflow Vulnerability

Saturday, April 14. 2007

Microsoft Word 2007 WWLib.DLL Buffer Overflow Vulnerability

"Microsoft Word is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue by enticing a victim to open a malicious Word file.

Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions."

/*
Yet another vulnerability in Microsoft Office, this time using Microsoft Word as the attack vector. Apparently there's already a proof-of-concept exploit. Didn't cause my OpenOffice 2.0 to crash, though. With that being said, I still wouldn't attempt to open this document with a Microsoft application as I am not sure what the PoC might be capable of doing.
*/
Posted by TJE in Advisories, Buffer Overflow, Exploits, Vulnerabilities at 12:37 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA