Monday, January 19, 2009

Vulnerabilities & proofs-of-concept

This week SecurityFocus has reported a number of vulnerabilities in several applications and, as usual, Microsoft environments are not missing from the list. Since these flaws in the design of a program allow attacks of various kinds, it is worth knowing what an attacker can get out of a vulnerability, which is what the proofs-of-concept show.

Office Viewer ActiveX Controls (OCX)
Office Viewer ships a series of ActiveX controls, used to edit and view Microsoft Office files from the web browser, that contain several vulnerabilities. They allow an attacker to execute arbitrary code with the privileges of the current user.

There are a number of PoCs for these vulnerabilities:
http://downloads.securityfocus.com/vulnerabilities/exploits/33245.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33238_word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33222.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-office.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-powerpoint.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-word.html
http://downloads.securityfocus.com/vulnerabilities/exploits/33243-excel.html

Microsoft Knowledge Base:
How to prevent the execution of an ActiveX control in IE
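The mechanism that Knowledge Base article describes is the "kill bit": a registry flag that makes Internet Explorer refuse to instantiate a given control. The script below is an added example, not code from the original post or from Microsoft; the CLSID is a placeholder and the function names are my own.

```powershell
# Added example (not from the original post or the Microsoft KB article it links).
# Sets the IE kill bit for an ActiveX control so Internet Explorer will not
# instantiate it, then reads the value back to verify. Run from an elevated
# PowerShell session. The CLSID used at the bottom is a PLACEHOLDER.

$KillBit = 0x400   # COMPAT_EVIL_DONT_LOAD: IE refuses to load the control

function Set-ActiveXKillBit {
    param([Parameter(Mandatory=$true)][string]$Clsid)

    $base = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    $key  = Join-Path $base $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any compatibility flags already present; only add the kill bit.
    $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBit
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    return $new
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory=$true)][string]$Clsid)

    $key = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

# Placeholder CLSID: replace with the real control's CLSID, braces included.
$clsid = '{00000000-0000-0000-0000-000000000000}'
Set-ActiveXKillBit -Clsid $clsid | Out-Null
if (Test-ActiveXKillBit -Clsid $clsid) {
    Write-Host "Kill bit set for $clsid; IE will no longer instantiate this control."
} else {
    Write-Host "Kill bit NOT set for $clsid."
}
```

On 64-bit Windows the 32-bit browser reads the same key under HKLM:\SOFTWARE\Wow6432Node\..., so set the flag in both locations if both IE builds are in use.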

Nullsoft Winamp v5.3.2 and later
From this version of Winamp onward there are defects in the processing of MP3 and AIFF (Audio Interchange File Format) files: a deliberately crafted MP3 or AIFF file can cause a buffer overflow that lets an attacker execute arbitrary code with the privileges of the current user. There is a PoC for this weakness:

http://downloads.securityfocus.com/vulnerabilities/exploits/33226.pl

Microsoft Windows Compiled HTML Help Handling Buffer Overflow
Compiled HTML Help (CHM) is a document format commonly used for help files on Microsoft Windows. A deliberately crafted file of this type can exploit a vulnerability in Windows XP SP3 and cause a buffer overflow.

http://downloads.securityfocus.com/vulnerabilities/exploits/33204.pl

# Jorge Mieres