Microsoft Word Document (malformed pointer) Proof of Concept

🗓️ 12 Dec 2006 00:00:00 | Reported by Root | Type: seebug | 🔗 www.seebug.org

Microsoft Word Document (malformed pointer) Proof of Concept. Two-stage bug forces code down wrong path and causes overwrite

Code

                                                =====
The file I have attached is a very basic two stage bug.  Stage 1 (the
first mod) forces the code down a wrong path.  The second mod by
itself is harmless, however when used with the first it will be the
first and part of the second overwrite.

I have used 41414141 as a marker to make it easier for you to see.

I have made it crash the wordviewer again to make it more obvious.

Weight,
location: 00000274
value   : 00000022 - just so it crashes, values 00000001 -> 00000006
are probably the most useful for trying to overwrite a pointer. notice
that neighbouring areas can be weighted the same.

marker,
location: 000027e4
value   : 41414141

the weight destination address == ((weight * 4[this is EDI]) + 4 [ECX*4]) + source memory offset[ESI].

[also the meta data is Microsoft's, not mine]
======

bug hugs,

disco.

poc: http://www.milw0rm.com/sploits/12122006-djtest.doc

# milw0rm.com [2006-12-12]

Vulners AI Score: 7.1 (High risk)