[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Shared section vulnerability when opening microsoft office
From:       sylvain.roger () solucom ! fr
Date:       2005-07-27 7:36:46
Message-ID: 20050727073646.21882.qmail () securityfocus ! com
[Download RAW message or body]

There is a shared section vulnerability in office products when trying to open
an office document with firefox. For example try to open a word document
attached in a webmail. firefox.exe process will create a son winword.exe
process (it only appears when the process is created with firefox not svchosts). When \
creating this process a shared section is created called \
\BaseNameObjects\Mso97SharedDgXXXXXXXX (the number may change I am not sure at the \
present time). The rights on this shared section are put on "everyone" for \
delete/synchronise/query/modify. this allows to write arbitrary data and to perform a \
Dos against ALL Office open applications.

I do not manage to know if it is a firefox or Microsoft office vulnerability


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic