Vulnerability Development mailing list archives
RE: Bug in Microsoft Word
From: "Arjun Pednekar" <arjun.pednekar () patni com>
Date: Wed, 8 Oct 2003 21:28:00 -0700
I'm using Word 2002 (10.2627.3501) SP-1, and I was also not able to find the pattern "b4 01". But after making the following changes I was able to crash my version of M$-Word.

Change the pattern at location
0000061e:00 00 00 00
to
0000061e:62 62 62 62
(I used HVIEW)

This happens to be the same location in the Word file downloaded from http://www12.brinkster.com/bsecurity

HTH.

Arjun R. Pednekar
Patni Computer Systems Limited
31/10, EL Zone, J-Block, MIDC Bhosari, Pune 411026, India
Tel: + 91-20-7123980 x 499
Fax: + 91-20-7123396
Cell: + 91-9820876212

-----Original Message-----
From: Pedro Jota Calvorota [mailto:calvorota () ya com]
Sent: Monday, October 06, 2003 6:49 PM
To: vuln-dev () securityfocus com
Subject: Re: Bug in Microsoft Word

I would like to make you notice two things:

- I downloaded the doc file from http://www12.brinkster.com/bsecurity/Doc1.doc and checked it with the MS Office XP version and it crashes. Oddly, if I do it with Word 97, it doesn't crash but shows the cursor at the end of the first line :|

- I just can't find the pattern

00 00 00 00 00 a3 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 b4 01 00 00 20 00 00 00 9c 01 00 00 00 00 00 00 9c 01 00 00 00 00 00 00 9c 01 00 00 00 00 00 00 9c 01 00 00 00 00 00 00

in any doc I create, Word 97 or XP... Is it the same in any version? I don't even find the "b4 01" pattern to be able to modify the EAX register.

Can you explain it a little deeper? Thanks a lot.

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
Current thread:
- Bug in Microsoft Word Bahaa Naamneh (Oct 03)
- <Possible follow-ups>
- Re: Bug in Microsoft Word Pedro Jota Calvorota (Oct 08)
- RE: Bug in Microsoft Word Arjun Pednekar (Oct 09)
- Re: Bug in Microsoft Word Bahaa Naamneh (Oct 08)