5013626 2000-04-17  04:29  /32 lines/ Postmaster
Recipient: Bugtraq (import) <10486>
Subject: StarOffice 5.1
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
X-Sender: lcamtuf@localhost
X-Nmymbofr: Nir Orb Buk
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.10.10004161610400.1219-100000@localhost>
Date:         Sun, 16 Apr 2000 16:11:29 +0200
Reply-To: Michal Zalewski <lcamtuf@TPI.PL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Michal Zalewski <lcamtuf@TPI.PL>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Do you remember the recent Microsoft Word (and Wordpad) vulnerabilities
while reading .rtf documents? I realized that Sun StarOffice 5.1 is
at least as buggy as M$ products. There are a lot of ways to cause
an overflow and crash (or execution of arbitrary code) while viewing
documents - starting from HTML with <a
href="file://aaaaaaaaalotof...">, which will cause a crash on opening
this document itself (you don't have to click that link). Also, any
other document with such a hyperlink should cause an instant crash (try
saving an SO native document - .sdw - with some hyperlinks, then
modifying it with a binary editor). Just one example. Beautiful overflow
while doing strcpy().

1:1, Microsoft's move ;)

_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
(5013626) ------------------------------------------(Re-wrapped)
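
Added example (not part of the original post and not StarOffice code): the unbounded strcpy() pattern the post names, next to a length-checked handler for a file:// link target. The function names, status codes and the 256-byte PATH_BUF are assumptions made for illustration; the post does not give the real buffer size or call site.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256 /* assumed size; the real buffer size is not given in the post */

enum href_status { HREF_OK = 0, HREF_BAD_ARG = -1, HREF_NOT_FILE = -2, HREF_TOO_LONG = -3 };

/* Pattern named in the post: unbounded strcpy() into a fixed buffer.
 * Kept for contrast only and never called below. */
void store_href_unchecked(char *dst, const char *href)
{
    strcpy(dst, href); /* overruns dst once strlen(href) >= PATH_BUF */
}

/* Length-checked variant (hypothetical helper). Oversized links are rejected
 * rather than truncated, so a cut-off path can never name a different file. */
int store_href_checked(char *dst, size_t dstsize, const char *href)
{
    static const char scheme[] = "file://";
    const size_t slen = sizeof scheme - 1;
    size_t plen;

    if (dst == NULL || dstsize == 0 || href == NULL)
        return HREF_BAD_ARG;
    if (strncmp(href, scheme, slen) != 0)
        return HREF_NOT_FILE;
    plen = strlen(href + slen);
    if (plen >= dstsize) /* no room for the path plus its terminating NUL */
        return HREF_TOO_LONG;
    memcpy(dst, href + slen, plen + 1);
    return HREF_OK;
}

int main(void)
{
    char path[PATH_BUF];
    char href[7 + 4096 + 1]; /* constructed sample: "file://" + 4096 x 'a' */

    memcpy(href, "file://", 7);
    memset(href + 7, 'a', 4096);
    href[7 + 4096] = '\0';

    printf("long link  -> %d\n", store_href_checked(path, sizeof path, href));
    printf("short link -> %d\n",
           store_href_checked(path, sizeof path, "file:///tmp/report.sdw"));
    return 0;
}
```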