2007/05/03

MoAxB #03: WordViewer.ocx 3.2 multiple methods DoS

This component allows you to visualize, create and modify doc files.
Some methods are unable to handle exceptional conditions, and this causes the crash of the application that uses this component.

Online demonstration

Text format

This is the content of registers when the crash happens:

EAX 003042D4
ECX 01642A24
EDX 00000000
EBX 0173EA48
ESP 0173EA1C
EBP 0173EC54
ESI 00200169
EDI 03F2002C UNICODE "AAA..."

EIP 77527420 ole32.77527420

77527420 8501 TEST DWORD PTR DS:[ECX],EAX <-- CRASH