# Mati Aharoni
# muts [.@.] offensive-security.com <mailto:muts@offensive-security.com>
# http://www.offensive-security.com
My 7-line Python fuzzer found several file format bugs in 3 hours. Quite
alarming.
No deep analysis was done, I leave that to the community.
These are some of the results:
file789-1.doc - Unspecified Overflow in Word 2007 - Crash in wwlib.dll -
Code execution is not trivial.
file798-1.doc - Word 2007 CPU exhaustion DOS - CPU shoots up to 100 %.
file613-1.doc - Word 2007 CPU exhaustion DOS + ding - CPU shoots up to 100 %,
and Windows goes "ding!"
evil.hlp - Heap overflow in Windows HLP files - Funky heap overflow crash,
more than meets the eye (does this sound familiar to anyone?)
These files can be found at
http://www.offensive-security.com/0day/0day.tar.gz
Be safe,
Muts
{"id": "SECURITYVULNS:DOC:16628", "title": "[Full-disclosure] Some 0day Pocs", "published": "2007-04-09T00:00:00", "modified": "2007-04-09T00:00:00", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16628", "reporter": "Securityvulns", "type": "securityvulns"}