0×03 Office 2007: 4 bugs, 3 hours, 7 lines of python fuzzer

Muts (BackTrack guy) has claimed that he has found 4 zero day vulnerabilities in Windows office 2007 suite using 7 lines of python fuzzer code in just 3 hours.

Here are the details on each vulnerabilities and possible exploitation
=================================================================

+ Unspecified Overflow in word 2007 – Crash in wwlib.dll . Code execution is not trivial.
+ Word 2007 CPU exhaustion DOS – CPU shoots up to 100 %.
+ Word 2007 CPU exhaustion DOS + ding – CPU shoots up to 100 %, and windows goes .ding!.
+ Heap overflow in Windows HLP files – Funky heap overflow crash.

The files can be found at http://www.offensive-security.com/0day/0day.tar.gz

Note : These are not normal bugs. The documents in this zip file are actually POC files to demonstrate the above mentioned security vulnerabilities and just opening this file may not be good for your system’s health :)

If 7 lines of python can find these many vulnerabilities in mere 3 hours, then you can imagine how secure is Office 2007 which has gone through extensive security screenings. Its going to be treat for security researchers :)

- Signing out -
Nagareshwar Talekar

~ by tnagareshwar on April 10, 2007.

Posted in computer security, vulnerability research

4 Responses to “0×03 Office 2007: 4 bugs, 3 hours, 7 lines of python fuzzer”

  1. Why not provide those 7 lines? it sounds strange that so little number of lines would cause so many problems.

    Willy Fuz said this on April 13, 2007 at 5:16 pm | Reply

  2. I don’t own any of the code. You may want to catch MUTS at #remote-exploit on irc.freenode.org for more fun :)

    tnagareshwar said this on April 13, 2007 at 10:32 pm | Reply

  3. Hey Naga, that’s an interesting stuff indeed.

    Manojna said this on April 14, 2007 at 10:40 pm | Reply

  4. Yeah, lets see those 7 lines of code. :)

    tom ferris said this on May 25, 2007 at 10:52 pm | Reply

Leave a Reply