vuln.sg Vulnerability Research Advisory

QuarkXPress Word File Import Filter Buffer Overflow Vulnerability

A vulnerability has been found in QuarkXPress.

A stack-based buffer overflow vulnerability exists within the MSWord text-import extension ("Word 6-2000 Filter.xnt") that is distributed with QuarkXPress 7.2. When exploited, the vulnerability allows execution of arbitrary code when the user imports text from a MSWord 6 document (DOC) file.

Affected: QuarkXPress 7.2 for Windows (Evaluation version) with "Word 6-2000 Filter.xnt" version 7.20.0.0 Build 4139

The purpose of this extension is to allow the user to import text into the layout from a MSWord DOC file using the "Rectangle Text Box" tool. The boundary error occurs when the "Word 6-2000 Filter.xnt" DLL is handling the font-names that were read from a MSWord 6 document (DOC). The vulnerable function uses the "lstrcpy()" function to perform unsafe copying of each font-name that is read from the DOC file into a 256-byte stack buffer. The unsafe "lstrcpy()" occurs at ImageBase + 0x0000F608 in "Word 6-2000 Filter.xnt". This can be exploited to trigger a stack-based buffer overflow via a specially crafted DOC file that contains an overly long font-name. In order to exploit this vulnerability successfully, the user must be convinced to import text from a malicious MSWord DOC file. Execution of arbitrary code using this vulnerability has been confirmed on English WinXP SP2.
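As an added defender-side illustration (not code from the advisory or from the Quark filter), the following C shows the safe counterpart of the copy described above: a font-name reader that refuses any name longer than the 255 characters that fit in a 256-byte buffer instead of copying it unbounded. The record layout (16-bit little-endian length followed by the name bytes) and the sample tables are constructed assumptions for the example, not the real DOC format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FONT_NAME_BUF 256               /* stack buffer size named in the advisory */
#define FONT_NAME_MAX (FONT_NAME_BUF - 1) /* longest name that fits with its NUL */

typedef enum { FONT_OK = 0, FONT_TOO_LONG, FONT_BAD_RECORD } font_status;

/* Hypothetical record layout (constructed for this example): a 16-bit
 * little-endian length followed by that many bytes of font name.
 * Unlike an lstrcpy() into a fixed buffer, the length is checked first. */
font_status read_font_name(const uint8_t *rec, size_t rec_len,
                           char out[FONT_NAME_BUF], size_t *consumed)
{
    if (rec_len < 2) return FONT_BAD_RECORD;
    size_t name_len = rec[0] | ((size_t)rec[1] << 8);
    if (rec_len - 2 < name_len) return FONT_BAD_RECORD; /* name runs past the record */
    if (name_len > FONT_NAME_MAX) return FONT_TOO_LONG;  /* would overflow the buffer */
    memcpy(out, rec + 2, name_len);
    out[name_len] = '\0';
    *consumed = 2 + name_len;
    return FONT_OK;
}

/* Walk a whole font table; returns 1 if every name is safe, 0 otherwise,
 * and reports how many names were accepted before stopping. */
int font_table_is_safe(const uint8_t *table, size_t len, int *names_read)
{
    char name[FONT_NAME_BUF];
    size_t off = 0, used = 0;
    *names_read = 0;
    while (off < len) {
        if (read_font_name(table + off, len - off, name, &used) != FONT_OK) return 0;
        off += used;
        (*names_read)++;
    }
    return 1;
}

/* Constructed sample tables (not taken from any real DOC file). */
static const uint8_t good_table[] = { 5, 0, 'A','r','i','a','l', 5, 0, 'T','i','m','e','s' };

int check_good_table(void) { int n; return font_table_is_safe(good_table, sizeof good_table, &n) ? n : -1; }
int check_long_name(void) {            /* 300-byte name: the overflow case */
    uint8_t t[2 + 300]; int n; t[0] = 300 & 0xff; t[1] = 300 >> 8; memset(t + 2, 'A', 300);
    return font_table_is_safe(t, sizeof t, &n);
}
int check_truncated(void) {            /* length field larger than the data present */
    uint8_t t[] = { 9, 0, 'A','r','i','a','l' }; int n;
    return font_table_is_safe(t, sizeof t, &n);
}
```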