Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities

... discovered by Benjamin Tobias Franz

Affected Vendor: Microsoft
Affected Product: Microsoft Works

Description:
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted files. All supported file formats (except plain text files) are affected (eight different bugs):

Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage
Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll)
Works for Windows 3.0 => Denial of Service (DoS) - Crash
Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash
Excel 97-2000 => Buffer Overrun
Excel 5.0/95 => Buffer Overrun
Excel 4.0 => Denial of Service (DoS) - Crash
Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll)

Exploitable: Yes

Workaround: Do not open any spreadsheet file from untrusted sources with Microsoft Works.

Proof-of-Concept files (simple demonstration files only):
http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip

Date of discovery: 10. - 13. July 2006

Tested software: Microsoft Works 8.0 on Windows XP SP2 (wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4)

Possibly some of the bugs are fixed in version 8.5. Test it...

Regards,
Benjamin Tobias Franz, Germany