2007/05/02

MoAxB #02: ExcelViewer.ocx 3.1 multiple methods DoS

This component allows you to visualize, create and modify xls files.
Some methods are unable to handle exceptional conditions, and this causes the crash of the application that uses this component.

Online demonstration

Text version

This is the content of registers when the crash happens:

EAX 003042D4
ECX 01642A34
EDX 00000000
EBX 0173EA58
ESP 0173EA2C
EBP 0173EC64
ESI 00200169
EDI 03C20024 UNICODE "AAA..."

EIP 77527420 ole32.77527420

77527420 8501 TEST DWORD PTR DS:[ECX],EAX <-- CRASH