Title : Microsoft Publisher 2013 memory corruption
Version : Microsoft Office Publisher Professional Plus 2013
Date : 2012-11-11
Vendor : http://office.microsoft.com
Impact : Med/High
Contact : coolkaveh [at] rocketmail.com
Twitter : @coolkaveh
Tested : Windows 7
###############################################################################
Bug :
----
Memory corruption occurs during the handling of .pub files; a context-dependent attacker
can execute arbitrary code.
----
################################################################################
(c90.abc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000
ebx=02000147
ecx=5eb37768
edx=00000000
esi=0031d66c
edi=0031d6c0
eip=00000000
esp=0031d99c
ebp=0031d9b0 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
00000000 ?? \

################################################################################
Proof of concept included.

http://www37.zippyshare.com/v/79789962/file.html
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22655.rar