[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Office Publisher 2010 memory corruption

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Microsoft Office Publisher 2010 memory corruption
From: Peter Ferrie <peter.ferrie@xxxxxxxxx>
Date: Sun, 28 Oct 2012 18:48:23 -0700

> I have discovered many crashes during testing MS product which i can
> discuss with authority  responsible
> memory corruption during the handling of the pub files a
> context-dependent attacker can execute arbitrary code.
> ----

> ecx=00000004 ... esi=00000000
...
> MSVCR90!memmove+0x140:
> 7855b450 8b448ef0        mov     eax,dword ptr [esi+ecx*4-10h]
> ds:0023:00000000=????????

This is a null pointer access.  You have not demonstrated any control
over the value in esi, so it is highly unlikely that it can be used
for exploitation.
We will investigate it, of course.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Microsoft Office Publisher 2010 memory corruption
  - From: kaveh ghaemmaghami

Prev by Date: [Full-disclosure] Cross-Site Scripting vulnerability in CorePlayer
Next by Date: [Full-disclosure] Microsoft Office Excel 2010 memory corruption
Previous by thread: [Full-disclosure] Microsoft Office Publisher 2010 memory corruption
Next by thread: Re: [Full-disclosure] Microsoft Office Publisher 2010 memory corruption
Index(es):
- Date
- Thread