Vulnerability Development mailing list archives

Re: Bug in Microsoft Word

From: Pedro Jota Calvorota <calvorota () ya com>
Date: Tue, 07 Oct 2003 03:49:03 +0200

I would like to make you notice two things:

- I downloaded the doc file fromhttp://www12.brinkster.com/bsecurity/Doc1.doc and checked it with MSOfcicce XP version and it crashes. Oddly if i do it with word97, itdoesn't not crash but shows the cursor at the end of the first line :|


- I just can't find the pattern

00 00 00 00 00 a3 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01
00 00 00 00 00 00 b4 01 00 00 20 00 00 00 9c 01 00 00 00 00 00 00 9c
01 00 00 00 00 00 00 9c 01 00 00 00 00 00 00 9c 01 00 00 00 00 00 00

in any doc i create, word97, or XP... is it the same in any varsion? idon't even find de "b4 01" pattern to be able to modify the EAX register.


Can you explain it a little deeper?

Thanks a lot.

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

Current thread:

Bug in Microsoft Word Bahaa Naamneh (Oct 03)
- <Possible follow-ups>
- Re: Bug in Microsoft Word Pedro Jota Calvorota (Oct 08)
  - RE: Bug in Microsoft Word Arjun Pednekar (Oct 09)
- Re: Bug in Microsoft Word Bahaa Naamneh (Oct 08)