Closed GoogleCodeExporter closed 9 years ago
Original comment by scvi...@google.com
on 2 Jun 2015 at 1:02
Original comment by scvi...@google.com
on 19 Aug 2015 at 12:46
Has this bug been patched? Does the "Closed: Aug 18" indicate when the bug was
patched?
Original comment by athmi...@gmail.com
on 25 Aug 2015 at 5:27
Microsoft claims to have patched this bug 8/11/15. This issue was derestricted
7 days after patch. However, the 1981563878_crash.doc file will still cause a
crash dereferencing a NULL pointer:
eax=00000003 ebx=03b502f8 ecx=00000000 edx=00000000 esi=04000000 edi=03b502f4
eip=31249ec0 esp=0012b464 ebp=0012b744 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
wwlib!FMain+0x5909:
31249ec0 8b09 mov ecx,dword ptr [ecx] ds:0023:00000000=????????
0:000> kb L8
ChildEBP RetAddr Args to Child
WARNING: Stack unwind information not available. Following frames may be wrong.
0012b744 31302e45 03b502f4 0e19c9c0 ffffffff wwlib!FMain+0x5909
0012b84c 31305585 01b502f4 00000002 00000000 wwlib!FMain+0xbe88e
0012b880 3131b91c 03b502f4 00000002 03b502f4 wwlib!FMain+0xc0fce
0012b8d8 312a2688 03b502f4 00000002 0012b9dc wwlib!FMain+0xd7365
0012b964 7739b6e3 002503ba 0000000f 00000000 wwlib!FMain+0x5e0d1
Original comment by scvi...@google.com
on 25 Aug 2015 at 6:36
Thank you for your information. Do you know which CVE was assigned to this
issue?
Original comment by athmi...@gmail.com
on 25 Aug 2015 at 6:50
also does 1981563878_min.doc also cause a crash due to dereferencing NULL
pointer after the patch?
Original comment by athmi...@gmail.com
on 25 Aug 2015 at 7:06
Microsoft has assigned a CVE for this bug and I've requested the CVE to MSRC
case number mapping. I haven't heard back yet. Several issues I reported were
released at the same time so it's difficult to map this to back to the CVE on
the bulletin. For now, the best I can say is that it is one of: CVE-2015-2467,
CVE-2015-2468, CVE-2015-2469, CVE-2015-2470, CVE-2015-2477, CVE-2015-2431. I
will update this issue and others when I hear back from Microsoft. And, yes,
the 1981563878_min.doc file will also crash with a NULL deref after the patch.
Original comment by scvi...@google.com
on 25 Aug 2015 at 7:39
That makes sense. Thank you for the information!
Original comment by athmi...@gmail.com
on 25 Aug 2015 at 7:48
Original issue reported on code.google.com by
scvi...@google.com
on 2 Jun 2015 at 12:33Attachments: