0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WPS Office < 2016 - '.ppt' drawingContainer Memory Corruption
[##################################################################################### Application: WPS Office Platforms: Windows Versions: Version 2016 Author: Francis Provencher of COSIG Twitter: @COSIG_ ##################################################################################### 1) Introduction 2) Report Timeline 3) Technical details 4) POC ##################################################################################### =============== 1) Introduction =============== WPS Office (an acronym for Writer, Presentation and Spreadsheets,[2] previously known as Kingsoft Office) is an office suite for Microsoft Windows, Linux,[1] iOS[3] and Android OS,[4] developed by Zhuhai-basedChinese software developer Kingsoft. WPS Office is a suite of software which is made up of three primary components: WPS Writer, WPS Presentation, and WPS Spreadsheet. The personal basic version is free to use, but a watermark is printed on all printed output after the 30 day trial ends. (https://en.wikipedia.org/wiki/WPS_Office) ##################################################################################### ============================ 2) Report Timeline ============================ 2015-12-31: Francis Provencher from COSIG report the issue to WPS; 2016-01-04: WPS security confirm this issue; 2016-01-14: COSIG ask an update status; 2016-01-21: COSIG ask an update status; 2016-02-01: COSIG release this advisory; ##################################################################################### ============================ 3) Technical details ============================ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WPS. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the handling of a crafted Presentation files with an invalid “Length” header in a drawingContainer. By providing a malformed .ppt file, an attacker can cause an memory corruption by dereferencing an uninitialized pointer. ##################################################################################### =========== 4) POC =========== http://protekresearchlab.com/exploits/COSIG-2016-06.ppt https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39397.zip ############################################################################### # 0day.today [2024-11-15] #