[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Shared section vulnerability when opening microsoft office
From: sylvain.roger () solucom ! fr
Date: 2005-07-27 7:36:46
Message-ID: 20050727073646.21882.qmail () securityfocus ! com
[Download RAW message or body]
There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not svchosts). When \
creating this process a shared section is created called \
\BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at the \
present time). The rights on this shared section are put on "everyone" for \
delete/synchronise/query/modify. this allows to write arbitrary data and to perform a \
Dos against ALL Office open applications.
I do not manage to know if it is a firefox or Microsoft office vulnerability
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic