Re: Re : [Firefox Bug 302187] New: Shared section vulnerability when opening microsoft office document resulting in DoS

From: Cesar (cesarc56_at_yahoo.com)
Date: 07/30/05

  • Next message: Thierry Carrez: "[ GLSA 200508-03 ] nbSMTP: Format string vulnerability"
    Date: Sat, 30 Jul 2005 12:56:29 -0700 (PDT)
    To: sylvain.roger@solucom.fr, bugtraq@securityfocus.com
    
    

    It's a security issue, i found it and reported this to
    MS long time ago when i started to research shared
    sections bugs, MS will fix the issue in some future. I
    don't know why MS said to you that it's not a security
    issue.

    Cesar.

    --- sylvain.roger@solucom.fr wrote:

    > As I got some questions about this I think I need to
    > precise it.
    > I can say for sure now : It is not a firefox
    > vulnerability but Microsoft Office vulnerability.
    > Firefox is just here as an example.
    > The vulnerability is that when a winword.exe process
    > is created from another application (like
    > firefox.exe) it creates a shared section called
    > \BaseNameObjects\Mso97SharedDgXXXXXXXX which has
    > write rights for everyone. This allows to write
    > arbitrary data on the shared section resulting in a
    > denial of service of all opened Microsoft Office
    > applications. It may be necessary sometimes to
    > reboot the machine in order to use again the Office
    > applications.
    > Microsoft just answers it is a technical issue and
    > not a security issue
    >

    __________________________________________________
    Do You Yahoo!?
    Tired of spam? Yahoo! Mail has the best spam protection around
    http://mail.yahoo.com


  • Next message: Thierry Carrez: "[ GLSA 200508-03 ] nbSMTP: Format string vulnerability"