Microsoft Office Excel 2013 memory corruption

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Microsoft Office Excel 2013 memory corruption

来源：coolkaveh [at] rocketmail.com 作者：coolkaveh 发布时间：2012-11-13

Title     :  Microsoft Office Excel 2013 memory corruption 
Version   :  Microsoft Office professional Plus 2013
Date      :  2012-11-10
Vendor    :  http://office.microsoft.com 
Impact    :  Med/High 
Contact   :  coolkaveh [at] rocketmail.com 
Twitter   :  @coolkaveh 
tested    :  Windows 7
############################################################################### 
Bug : 
---- 
memory corruption during the handling of the xls files a context-dependent attacker  
can execute arbitrary code. 
----  
################################################################################
(ca8.b38): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000170 
ebx=0873cf6c 
ecx=00000170 
edx=00000008 
esi=01bc1fd0 
edi=00000180
eip=0047f35e esp=001f23ac ebp=001f23b8 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Excel.exe - 
Excel!Ordinal43+0x1af35e:
0047f35e 8a07            mov     al,byte ptr [edi]          ds:0023:00000180=??
0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
001f23b8 00630a89 Excel!Ordinal43+0x1af35e
001f2424 00630afc Excel!Ordinal43+0x360a89
001f243c 00435e1a Excel!Ordinal43+0x360afc
001f3f28 0043ccb0 Excel!Ordinal43+0x165e1a
001f4554 0042e0b1 Excel!Ordinal43+0x16ccb0
001f47e0 0042ec5e Excel!Ordinal43+0x15e0b1
001f4cc8 0042da24 Excel!Ordinal43+0x15ec5e
001f4cdc 00424325 Excel!Ordinal43+0x15da24
001f4dc8 00424183 Excel!Ordinal43+0x154325
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll - 
001f4f70 5eee27b2 Excel!Ordinal43+0x154183
001f5044 5eee2d21 mso!Ordinal570+0x193c
001f50a4 5eee2848 mso!Ordinal570+0x1eab
001f5104 5eee2d21 mso!Ordinal570+0x19d2
001f5164 5eee297a mso!Ordinal570+0x1eab
001f5224 5eeeb23f mso!Ordinal570+0x1b04
001f526c 00423f5d mso!Ordinal8585+0x463
001f52fc 00423fe4 Excel!Ordinal43+0x153f5d
001f611c 00406f24 Excel!Ordinal43+0x153fe4
001f6fa8 0040a5c1 Excel!Ordinal43+0x136f24
001f72a8 003fa7c1 Excel!Ordinal43+0x13a5c1
################################################################################
Proof of concept included.
http://www29.zippyshare.com/v/55114943/file.html

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告