|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: StarOffice 5.1
From: Michal Zalewski (lcamtuf
TPI.PL)Date: Sun Apr 16 2000 - 09:11:29 CDT
- Next message: Dan Harkless: "nmh-1.0.4 released"
- Previous message: Michal Zalewski: "XFree86 server overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Do you remember recent Microsoft Word (and Wordpad) vulnerabilities while
reading .rtf documents? I realized that Sun StarOffice 5.1 is at least so
buggy as M$ products. There are a lot of ways to cause overflow and crash
(or execution of arbitrary code) while viewing documents - starting from
html with <a href="file://aaaaaaaaalotof...">, which will cause crash on
opening this document itself (you don't have to click that link). Also,
any other document with such hyperlink should cause instant crash (try
saving SO native document - .sdw - with some hyperlinks, then modyfing it
with binary editor). Just one example. Beautiful overflow while doing
strcpy().
1:1, Microsoft's move ;)
_______________________________________________________
Michal Zalewski [lcamtuftpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
- Next message: Dan Harkless: "nmh-1.0.4 released"
- Previous message: Michal Zalewski: "XFree86 server overflow"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]