I was joking you know, this hole is a fake but shhh ;)

Amit Sharma wrote:
> ad, don't you think it would be a good idea if you either post your
> PoC with complete details otherwise do not post it. I mean from the
> "excel_like_hell.swf" demo, I do not see anything that one would
> infer.
>
> I can see that an xls file is created and on opening it (as per the
> demo), it makes a registry entry. Now how true is this? If you are
> posting no more info here then how is it going to help us otherwise
> what was the intent of the post?
>
> - Amit
>
>
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> I have got many questions about the severity of the bug, you can
> show a demo yourself here:
>
> http://heapoverflow.com/excelol/excel_like_hell.swf
>
> ms will fix this issue soon I'm sure, for me, job done, bye :>
>
> [EMAIL PROTECTED] wrote:
>> after many hours working on excel I have found a critical excel
>> bug exploitable. This is not a stack bof nor a heap bof, a bug
>> extremely hard to find and trigger, but it conducts excel to
>> execute any arbitrary code while opening a malicious .xls file.
>
>> note: the bug isn't related to both excel dos that I have already
>> published but shows similar to a null pointer bug at a first
>> look. much info won't be disclosed publicly or privately and
>> this will be transmitted to ms before the spyware losers catch
>> it :)
>
>>>> I have said so this is only null pointer bugs but the way I
>>>> trigger the bug might be modded for a remote code execution
>>>> who knows, I'm not a guru and maybe did an error triggering
>>>> the flaw who knows :) but I bet many are already researching
>>>> on this hehe, happy job!
>
>
>
>>>> Let's go on the fast publishing :) I won't bother to message
>>>> microsoft about this because they won't patch it for sure
>>>> according that they can't patch fully exploitable bugs in a
>>>> decent time, they do not patch IE dos
>>>> (http://heapoverflow.com/IEcrash.htm), so no way to bother
>>>> them, we should let them sleep a bit shhh ;)
>>>>
>>>> Bugs 1 and Bugs 2 are quite similar but NOT, both are null
>>>> pointer bugs. In bug1 you should mod a graphic's pointer to
>>>> point to a bad area, and in bug 2 you should null out the
>>>> size of the page name.
>>>>
>>>>
>>>> attached are the 2 pocs, nor here are direct links
>>>>
>>>>
>>>> http://heapoverflow.com/excelol/bug1.xls
>>>>
>>>> http://heapoverflow.com/excelol/bug2.xls
>>>>
>>>>
>>>> Credits:
>>>>
>>>> AD [at] heapoverflow.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
