Full Disclosure mailing list archives
Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME***
From: str0ke <str0ke () milw0rm com>
Date: Wed, 21 Jun 2006 07:21:22 -0500
Must be the advisory......... (:

/str0ke

On 6/21/06, ad () heapoverflow com <ad () heapoverflow com> wrote:

me I wonder who's ultralame, kcope or the advisory ? :>

kcope wrote:
> Hello FistFuXXer,
> Very nice that you found that, since unicode overflows are not that
> easy to exploit.
> I didn't know that Spreadsheet-Perl converted the string into unicode
> and then put it into the file.
> Very nice very nice :o) I like that 0x41414141 :o) weird I didn't even
> look into the hex edit of the xls file.
>
> Best Regards,
>
> kcope
>
> FistFuXXer wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello kcope,
>>
>> the vulnerability that you've found isn't an Unicode-based buffer
>> overflow, Spreadsheet-Perl just converts the string to Unicode and you
>> can edit it later with a hex editor.
>>
>> It's just a simple stack overflow that overwrites the memory after the
>> return address. Until all the write-able stack memory is full and the
>> application tries to overwrite the read-only memory after it, an
>> exception happens. So you won't be able to exploit it by using the
>> return address of the vulnerable 'hlink' function but you can still use
>> the SE handler for exploitation.
>>
>> It looks like Microsoft should release security patches ASAP.
>>
>> Sincerely yours,
>> Manuel Santamarina Suarez
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> __________ NOD32 1.1611 (20060620) Information __________
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
Current thread:
- ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** kcope (Jun 18)
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** . Solo (Jun 19)
- Message not available
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** kcope (Jun 20)
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** ad () heapoverflow com (Jun 21)
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** str0ke (Jun 21)
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** kcope (Jun 20)
- Re: ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** FistFuXXer (Jun 21)