TUCoPS :: Windows Apps :: bx3210.htm

Microsoft word javascript execution
Microsoft word javascript execution
Microsoft word javascript execution


Products affected: Microsoft word 2003/2007=0D
OS Tested : Windows Xp all patch=0D
=0D
The vulnerability is that you can run javascript in an arbitrary manner without permission of the user. While it is limited what you can get to run, this may help attackers using methods that distort the environment javascript to tempt execute a malicious file. It also could run a page without the permission of the user to include any vulnerability or a script malignant in the user's browser.=0D
=0D
To make the proof of concept follow the following steps=0D
=0D
1-Make a html file and paste xss code=0D
2-Open the html file with the word and save as =93document xml=94=0D
3-Rename .xml to .doc=0D
4-Open .doc file=0D
=0D
XSS=0D
---------------------------------------------------------=0D
=0D
=0D
----------------------------------------------------------=0D
=0D
It is important to include the tag  because it makes it to interpret the code followed.=0D
=0D
One curiosity is that using this method and inserting a malformed object causing a denial of service.Significantly, the file must be saved with an RTF not with the DOC.=0D
=0D
Crash=0D
--------------------------------------------------=0D
=0D
 =0D
---------------------------------------------------=0D
	=0D
I leave some proof of concept that simply open a alert and another that leads to denial of services.=0D
=0D
XSS=0D
http://es.geocities.com/jplopezy/xss.doc=0D 
=0D
CRASH=0D
=0D
http://es.geocities.com/jplopezy/crash.rtf=0D 
=0D
=0D
=0D
Juan Pablo Lopez Yacubian

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH