[security-alerts] FYI: 2x 0day Microsoft Windows Excel

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

Коллеги, а вот и что-то более реальное - если кто-то будет анализировать, 
скажите, насколько это серьезно.


----------
Message: 3
Date: Mon, 19 Dec 2005 11:52:52 +0100
From: "ad@xxxxxxxxxxxxxxxx" <ad@xxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] 2x 0day Microsoft Windows Excel
To: full-disclosure@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx
Message-ID: <43A69104.9080904@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Let's go on the fast publishing :)
I wont bother to message microsoft about this because they wont patch it
for sure according that they can't patch fully exploitable bugs in a
decent time, they do not patch IE dos
(http://heapoverflow.com/IEcrash.htm), so no way to bother them, we
should let them sleep a bit shhh ;)

Bugs 1 and Bugs 2 are quite similiar but NOT, both are null pointer bugs
. In bug1 you should mod a grafic's pointer to point to a bad area, and
in bug 2 you should null out the size of the page name.


attached are the 2 pocs, nor here are direct links


http://heapoverflow.com/excelol/bug1.xls
http://heapoverflow.com/excelol/bug2.xls



Credits:

AD [at] heapoverflow.com