OpenOffice - '.slk' Parsing Null Pointer

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1059056 漏洞类型
发布时间 2010-01-19 更新时间 2010-01-19
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/11192
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Product:

OpenOffice

Tested Vulnerable Versions:

3.1.1 and 3.1.0

Vulnerability:

Null Pointer

Description:

Hellcode Research discovered a null pointer vulnerability in Openoffice for
Windows.

Opening a malformed ".slk" file with Openoffice, causes a crash on
"soffice.bin"

PoC:

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/11192.rar (slk.rar)

Credits:
karak0rsan and murderkey from Hellcode Research

The Computer Cheats (TCC)

Urls:

tcc.hellcode.net

forum.hellcode.net