Microsoft Office XP Remote code Execution
Source: http://www.protekresearchlab.com  Author: Francis  Published: 2011-06-15

#####################################################################################

Application:   Microsoft Office XP Remote code Execution

Platforms:   Windows Vista

Exploitation:   Remote code execution

CVE Number: 

Microsoft Bulletin:

{PRL}:   2011-07

Author:   Francis Provencher (Protek Research Lab's)

WebSite:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch


#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

Microsoft Office is a proprietary commercial office suite of inter-related desktop
applications, servers and services for the Microsoft Windows and Mac OS X operating
systems, introduced by Microsoft in 1989. Initially a marketing term for a bundled
set of applications, the first version of Office contained Microsoft Word,
Microsoft Excel, and Microsoft PowerPoint. Over the years, Office applications have
grown substantially closer with shared features such as a common spell checker,
OLE data integration and Microsoft Visual Basic for Applications scripting language.

http://en.wikipedia.org/wiki/Microsoft_Office

#####################################################################################

============================
2) Report Timeline
============================

2011-01-03 - Vulnerability reported to vendor
2011-06-14 - Uncoordinated public release of advisory


#####################################################################################

====================
3) Technical details
====================

This vulnerability allows remote attackers to execute arbitrary code on vulnerable
installations of Microsoft Office Word. User interaction is required to exploit this
vulnerability in that the target must visit a malicious page or open a malicious file.

0:000> g
(c18.bf4): Access violation - code c0000005 (!!! second chance !!!)
eax=41424344 ebx=00000011 ecx=00000010 edx=00000001 esi=00000000 edi=41424344
eip=308eb16d esp=00125450 ebp=00125474 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
winword!wdGetApplicationObject+0x150fac:
308eb16d 8b07            mov     eax,dword ptr [edi]  ds:0023:41424344=????????
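
The following triage script is an added example, not part of the original advisory or
of Protek Research Lab's material. It parses the debugger output above and reports the
kind of faulting access, the register used as the pointer, and whether the address is
made of printable ASCII bytes; the function names and heuristics are this example's own.

```python
import re

# Crash output copied verbatim from the advisory's debugger session.
CRASH = """\
(c18.bf4): Access violation - code c0000005 (!!! second chance !!!)
eax=41424344 ebx=00000011 ecx=00000010 edx=00000001 esi=00000000 edi=41424344
eip=308eb16d esp=00125450 ebp=00125474 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
winword!wdGetApplicationObject+0x150fac:
308eb16d 8b07            mov     eax,dword ptr [edi]  ds:0023:41424344=????????
"""

REG = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|eip|esp|ebp)=([0-9a-f]{8})\b")
# Disassembly line: address, opcode bytes, mnemonic, operands, then the
# effective address WinDbg resolved and the memory contents it could read.
FAULT = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]+\s+(?P<op>\w+)\s+(?P<dst>[^,]+),(?P<src>.+?)"
    r"\s+\w\w:[0-9a-f]{4}:(?P<addr>[0-9a-f]{8})=(?P<mem>\S+)$", re.M)

def parse_registers(text):
    """Return {register: value} for the 32-bit registers in the dump."""
    return {name: int(value, 16) for name, value in REG.findall(text)}

def triage(text):
    """Summarise the faulting access; the heuristics are this example's own."""
    regs, m = parse_registers(text), FAULT.search(text)
    if m is None:
        raise ValueError("no faulting instruction with a memory operand")
    addr = int(m["addr"], 16)
    mem_operand = m["dst"] if "[" in m["dst"] else m["src"]
    raw = addr.to_bytes(4, "big")
    printable = all(0x20 <= b < 0x7F for b in raw)
    return {
        "exception": re.search(r"code ([0-9a-f]{8})", text)[1],
        # Only plain two-operand mov is classified; anything else is unknown.
        "access": ("write" if "[" in m["dst"] else "read")
                  if m["op"] == "mov" else "unknown",
        "address": addr,
        "unmapped": set(m["mem"]) == {"?"},   # debugger could not read it
        "base_regs": re.findall(r"\be[a-z]{2}\b", mem_operand),
        "same_value_regs": sorted(r for r, v in regs.items() if v == addr),
        # Printable bytes in a pointer suggest it was copied from input data.
        "ascii": raw.decode("ascii") if printable else None,
    }

if __name__ == "__main__":
    for key, value in triage(CRASH).items():
        print(f"{key:16} {value:#x}" if key == "address" else f"{key:16} {value}")
```

For this dump the script reports a read through edi at an unmapped address whose four
bytes spell "ABCD", with eax holding the same value.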


#####################################################################################

===========
4) POC
===========

http://www.exploit-db.com/sploits/PRL-2011-07.doc
http://www.protekresearchlab.com/exploits/PRL-2011-07.doc


 