RE: Word 2000 DDE error on Win2K

["Snehal Dasari" <pavehawk () napalm net>]

Hi,

I can reproduce the error

Windows 2000, 5.00.2195 Service Pack 2
Word 2000, 9.0.4119 SR-1

The error I get:

Application exception occurred:
App:  (pid=1480)
When: 5/29/2001 @ 17:24:42.711
Exception number: c0000005 (access violation)

Was reproducable repeatedly on seperate machines as well. (All W2KSP2
machines)

Regards,
Snehal Dasari

-----Original Message-----
From: Oliver Reeves [mailto:Oliver.Reeves () compucat com au]
Sent: Tuesday, 29 May 2001 09:55
To: 'VULN-DEV () securityfocus com'
Subject: Word 2000 DDE error on Win2K


Morning All,

I was playing around with word this morning, and found something quite
interesting. I thought I'd post it to see what you all thought.

I'm not sure if this is a known bug in Word 2000, and I can't find out right
now as I don't have web access from my PC at work.

I can consistently crash Word 2000 using the following method:

1) Open up any text/document editor such as notepad or wordpad
2) type a single word (must be a known word, no punctuation).
3) highlight the whole word and CTRL+C
4) launch word 2000
5) CTRL+V
6) press HOME to take you to the start of the line
7) type I
8) hit the space bar

this consistenly crashes word 2000 for me, and i get the following error
message:

DDE Server Window: WINWORD.EXE - Application Error
The instruction at "0x3076a63e" referenced memory at "0x00000000". The
memory could not be "read".

I am running:
Win2K 5.00.2195
Word 2000 9.0.3821 SR-1

I doubt that this would be exploitable, but I thought I'd find out if any of
you could reproduce it.

Thanks
Oliver.