/*****************************************************************************\
* Microsoft Windows .doc File Malformed Pointers DoS
*
* Just move your mouse on the file and Explorer crashes. If it does not, try
* to look at the file properties.
*
* Bug comes from Ole32.dll:
* CMP DWORD PTR DS:[EAX+EBX],3 and we can set EAX, EDX and ESI with arbitrary
* values.
*
* Check the file, magic offsets are
*     4460 -> EDX
*     4519 -> ESI
*
* Successfully tested on Windows 2000 SP4 FR and XP SP2 FR.
*
* Coded by Marsu
\*****************************************************************************/

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/3419.tar (03062007-Explorer_Crasher.tar)

# milw0rm.com [2007-03-06]