Microsoft Office Publisher

2007.12.28

Credit: Juan Pablo Lopez Yacubian

Risk: High

Local: Yes

Remote: No

CVE: CVE-2007-6534

CWE: CWE-noinfo

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

I found two ways to cause a denial of service on the Microsoft Office Publisher, this is done by creating a malformed file with the following characteristics:

The first is to create a new file and modifying hexadicimal with an editor from the direction 00006B90 to 00006D90 with the letter "A", that causes the publisher fails, when you open with a debugger like ollydbg I strip the following exception

Access violation when reading [00000046]

Here I leave the proof of concept

Http://es.geocities.com/jplopezy/prueba.pub

The following causes the crash programme. We make a new file and adds an option to "wordart" inserting many letters "A", we open with a hex editor and change from the direction 000077D0 to 000079B0 with the letter "A".

I leave the proof of concept:

Http://es.geocities.com/jplopezy/prueba2.pub

Juan Pablo Lopez Yacubian

fuzzertina.blogspot.com

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Microsoft Office Publisher

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Microsoft Office Publisher

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.