Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted files allows for denial of service and buffer overrun conditions. Affected by the denial of service condition are Microsoft Works versions 6.0 through 8.x, 4.x/2000, Works for Windows 3.0, Works for Windows 2.0, Works for DOS, Excel 4.0, and Lotus 1-2-3. Affected by the buffer overrun condition are Excel 97 through 2000 and Excel 5.0/95.
9c46ac9f46d7da3d3a37c864079b4089a79a55364bb70588820733f2dd6555f8
Microsoft Works - Buffer Overflows / Denial of Service (DoS)-Vulnerabilities
... discovered by Benjamin Tobias Franz
Affected Vendor:
Microsoft
Affected Product:
Microsoft Works
Description:
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted
files. All supported file formats (except plain text files) are affected
(eight different bugs):
Works 6.0-8.x => Denial of Service (DoS) - 99% CPU usage
Works 4.x/2000 => Denial of Service (DoS) - Crash (msvcr71.dll)
Works for Windows 3.0 => Denial of Service (DoS) - Crash
Works for Windows 2.0 / Works for DOS => Denial of Service (DoS) - Crash
Excel 97-2000 => Buffer Overrun
Excel 5.0/95 => Buffer Overrun
Excel 4.0 => Denial of Service (DoS) - Crash
Lotus 1-2-3 => Denial of Service (DoS) - Crash (msvcr71.dll)
Exploitable:
Yes
Workaround:
Do not open any spreadsheet file from untrusted sources with Microsoft
Works.
Proof-of-Concept files (simple demonstration files only):
http://hometown.aol.de/qwertzset/BTFs_MSWorksSpreadsheet_PoCFiles.zip
Date of discovery:
10. - 13. Juli 2006
Tested software:
Microsoft Works 8.0 on Windows XP SP2
(wksss.exe: 8.4.702.0 | msvcr71.dll: 7.10.3052.4)
Possibly some of the bugs are fixed in version 8.5. Test it...
Regards,
Benjamin Tobias Franz,
Germany