Let's go on the fast publishing :)

I won't bother to message Microsoft about this because they won't patch it for sure, considering that they can't patch fully exploitable bugs in a decent time; they do not patch IE DoS (http://heapoverflow.com/IEcrash.htm), so no way to bother them, we should let them sleep a bit shhh ;)

Bugs 1 and Bugs 2 are quite similar but NOT, both are null pointer bugs. In bug 1 you should mod a graphic's pointer to point to a bad area, and in bug 2 you should null out the size of the page name.

Attached are the 2 PoCs, or here are direct links:
http://heapoverflow.com/excelol/bug1.xls
http://heapoverflow.com/excelol/bug2.xls

Credits: AD [at] heapoverflow.com

-------------------
class101
This archive was generated by hypermail 2.1.3 : Mon Dec 19 2005 - 08:47:17 PST