Posts

Mozilla Firefox 60.6.1esr (64bit) for Linux crashes when opening html file

Take a look at the video.

Crashing MS Word 365 client, Outlook and other office products with XML Bomb payload

Once, I was writing a pen test report for one of my clients. I wrote the report, of course, using the most popular text editor - Microsoft Word. I was very surprised when Word stopped responding after I inserted the payload used to perform an XML Bomb DoS attack. I repeated the test with the same result and found that the program ate all the available RAM. The tested version was the current version at the time - a thick client supplied with Office 365 (MSO (16.0.10228.20134) 64 bit). I also checked other MS Office programs - Outlook and older versions of Word were also affected. Look at the movies.

Timeline:
2018-08-06: Microsoft reply:
2018-08-01: Microsoft requested more information
2018-07-31: Issue reported

Payload used to DoS MS Word:

    <?xml version="1.0"?>
    <!DOCTYPE lolz [
    <!ENTITY lol "lol">
    <!ELEMENT lolz (#PCDATA)>
    <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol

FastStone Image Viewer 6.5 few crashes

Summary

Version: 6.5
Exploitable crashes: 7
Probably exploitable crashes: 2
Files to reproduce crashes: github
Download Fast Stone 6.5: github

* Fast Stone was asked on 3rd August 2018 if they want to get more details about the bugs. I have not received any answer since then.

Details

Exploitable #1

WinDbg log:

    Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
    Copyright (c) Microsoft Corporation. All rights reserved.
    CommandLine: FSViewer.exe "C:\Documents and Settings\Administrator\Desktop\fs\0xe3f29929.0xf424ea35_0x2d5eeb54.0x25c57d8b_0xa35355bf.0xe2d4da0c_0xcc5b708b.0x512f4c53\sf_1958cb29fd7f80970fde7bb6755c989e.tiff"
    0:000> g;!analyze -v;kb;r;!load msec.dll;!exploitable -v
    ModLoad: 10000000 1000d000 C:\FOE2\certfuzz\hooks\winxp\Release\hook.dll
    ModLoad: 74720000 7476c000 C:\WINDOWS\system32\MSCTF.dll
    ModLoad: 755c0000 755ee000 C:\WINDOWS\system32\msctfime.ime
    ModLoad: 5ad70000 5ada8000 C:\WINDOWS\system32\uxtheme.dll
    ModLoad: 5edd0000 5