MS Windows (.doc File) Malformed Pointers Denial of Service Exploit

2007-03-08T00:00:00
ID SSV:6339
Type seebug
Reporter Root
Modified 2007-03-08T00:00:00

Description

No description provided by source.

                                        
                                            
                                                /*****************************************************************************
*            Microsoft Windows .doc File Malformed Pointers DoS               *
*                                                                             *
*                                                                             *
*                                                                             *
* Just move your mouse on the file and explorer crashes. If it does not try   *
* to look at file properties.                                                 *
* Bug comes from Ole32.dll:                                                   *
* CMP DWORD PTR DS:[EAX+EBX],3 and we can set EAX, EDX and ESI with arbitrary *
* values.                                                                     *
*                                                                             *
* Check the file, magic offsets are                                           *
* 4460 -> EDX                                                                 *
* 4519 -> ESI                                                                 *
*                                                                             *
*                                                                             *
* Successfully tested on Windows 2000 SP4 FR and XP SP2 FR.                   *
*                                                                             *
*                Coded by Marsu <MarsupilamiPowa@hotmail.fr>                  *
*****************************************************************************/

http://www.milw0rm.com/sploits/03062007-Explorer_Crasher.tar