Vulners
Lucene search
Microsoft Office XP - Remote code Execution
#####################################################################################
Application: Microsoft Office XP Remote code Execution
Platforms: Windows Vista
Exploitation: Remote code execution
CVE Number:
Microsoft Bulletin:
{PRL}: 2011-07
Author: Francis Provencher (Protek Research Lab's)
WebSite: http://www.protekresearchlab.com/
Twitter: @ProtekResearch
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#####################################################################################
===============
1) Introduction
===============
Microsoft Office is a proprietary commercial office suite of inter-related desktop
applications, servers and services for the Microsoft Windows and Mac OS X operating
systems, introduced by Microsoft in 1989. Initially a marketing term for a bundled
set of applications, the first version of Office contained Microsoft Word,
Microsoft Excel, and Microsoft PowerPoint. Over the years, Office applications have
grown substantially closer with shared features such as a common spell checker,
OLE data integration and Microsoft Visual Basic for Applications scripting language.
http://en.wikipedia.org/wiki/Microsoft_Office
#####################################################################################
============================
2) Report Timeline
============================
2011-01-03 - Vulnerability reported to vendor
2011-06-14 - Uncoordinated public release of advisory
#####################################################################################
====================
3) Technical details
====================
This vulnerability allows remote attackers to execute arbitrary code on vulnerable
installations of Microsoft Office Word. User interaction is required to exploit this
vulnerability in that the target must visit a malicious page or open a malicious file.
0:000> g
(c18.bf4): Access violation - code c0000005 (!!! second chance !!!)
eax=41424344 ebx=00000011 ecx=00000010 edx=00000001 esi=00000000 edi=41424344
eip=308eb16d esp=00125450 ebp=00125474 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246
winword!wdGetApplicationObject+0x150fac:
308eb16d 8b07 mov eax,dword ptr [edi] ds:0023:41424344=????????
#####################################################################################
===========
4) POC
===========
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17399.doc (PRL-2011-07.doc)
http://www.protekresearchlab.com/exploits/PRL-2011-07.docData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Jun 2011 00:00Current
7.4High risk
Vulners AI Score7.4