Microsoft Windows Text Services memory corruption

vendor:

Microsoft Windows

by:

Francis Provencher

7.8

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: Microsoft Windows

Affected Version From: list

Affected Version To: list

Patch Exists: YES

Related CWE: MS15-020, SA63220

CPE: o:microsoft:windows

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2015

Microsoft Windows Text Services memory corruption

An unspecified error in Windows Text Services can be exploited to cause memory corruption.

Mitigation:

Microsoft released a patch for this issue

Source

Exploit-DB raw data:

#####################################################################################

Application:   Microsoft Windows Text Services memory corruption.

Platforms:   Windows

Versions:   list.

Microsoft: MS15-020

Secunia:   SA63220

{PRL}:   2015-03

Author:   Francis Provencher (Protek Research Lab’s)

Website:   http://www.protekresearchlab.com/

Twitter:   @ProtekResearch

#####################################################################################

1) Introduction
2) Report Timeline
3) Technical details
4) POC

#####################################################################################

===============
1) Introduction
===============

 

Microsoft Corporation  is an American multinational corporation headquartered in Redmond, Washington, that develops, manufactures, licenses, supports and sells computer software, consumer electronics and personal computers and services. Its best known software products are the Microsoft Windowsline of operating systems, Microsoft Office office suite, and Internet Explorer web browser. Its flagship hardware products are the Xbox game consoles and the Microsoft Surface tablet lineup. It is the world’s largest software maker measured by revenues.[5]It is also one of the world’s most valuable companies.[6]

(http://en.wikipedia.org/wiki/Microsoft)

#####################################################################################

============================
2) Report Timeline
============================

2015-02-08: Francis Provencher from Protek Research Lab’s found the issue;
2015-03-04: MSRC confirmed the issue;
2015-03-10: Microsoft fixed the issue;
2015-03-10: Microsoft release a Patch for this issue.

#####################################################################################

============================
3) Technical details
============================

An unspecified error in Windows Text Services can be exploited to cause memory corruption..

#####################################################################################

===========

4) POC

===========

This file need to be open in wordpad.

http://protekresearchlab.com/exploits/PRL-2015-03.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/36336.rar

###############################################################################
Search for: