5013626 2000-04-17 04:29 /32 lines/ Postmaster
Recipient: Bugtraq (import) <10486>
Subject: StarOffice 5.1
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
X-Sender: lcamtuf@localhost
X-Nmymbofr: Nir Orb Buk
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.10.10004161610400.1219-100000@localhost>
Date: Sun, 16 Apr 2000 16:11:29 +0200
Reply-To: Michal Zalewski <lcamtuf@TPI.PL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Michal Zalewski <lcamtuf@TPI.PL>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Do you remember the recent Microsoft Word (and Wordpad) vulnerabilities
while reading .rtf documents? I realized that Sun StarOffice 5.1 is at
least as buggy as M$ products. There are a lot of ways to cause an
overflow and crash (or execution of arbitrary code) while viewing
documents - starting from html with <a href="file://aaaaaaaaalotof...">,
which will cause a crash on opening this document itself (you don't have
to click that link). Also, any other document with such a hyperlink should
cause an instant crash (try saving an SO native document - .sdw - with some
hyperlinks, then modifying it with a binary editor).

Just one example. Beautiful overflow while doing strcpy().

1:1, Microsoft's move ;)

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
(5013626) ------------------------------------------(Reflowed)
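
An added example, not part of the original post and not StarOffice code: the unbounded strcpy() of a hyperlink value that the message describes, replaced by a length-checked copy that rejects an overlong href. The names HREF_MAX, find_href, copy_href and load_link are hypothetical, and the 256-byte buffer size is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define HREF_MAX 256 /* assumed size; the post does not give the real one */

/* Locate the first href="..." value; returns its start and sets *len. */
static const char *find_href(const char *html, size_t *len)
{
    const char *p = strstr(html, "href=\"");
    const char *end;

    if (p == NULL)
        return NULL;
    p += strlen("href=\"");
    end = strchr(p, '"');
    if (end == NULL)
        return NULL;          /* unterminated attribute: reject */
    *len = (size_t)(end - p);
    return p;
}

/* Length-checked copy. The flawed pattern would be strcpy(dst, href),
 * which keeps writing past dst when the value is longer than the buffer. */
static int copy_href(char *dst, size_t dst_len, const char *href, size_t n)
{
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (href == NULL || n >= dst_len)
        return -1;            /* too long: refuse, do not truncate silently */
    memcpy(dst, href, n);
    dst[n] = '\0';
    return 0;
}

/* Returns 0 and fills dst on success, -1 if no link or link rejected. */
int load_link(const char *html, char *dst, size_t dst_len)
{
    size_t n = 0;
    const char *href = find_href(html, &n);

    return copy_href(dst, dst_len, href, n);
}

int main(void)
{
    char out[HREF_MAX];
    int rc = load_link("<a href=\"file:///tmp/a.txt\">x</a>", out, sizeof out);

    printf("%d %s\n", rc, out);
    return 0;
}
```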