CVE-2007-1347

Microsoft Windows Explorer - Denial of Service via Crafted Office File Document Summary

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1347. PoCs published by Marsu.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft Windows where a malformed .doc file causes a DoS by manipulating pointers in Ole32.dll, leading to a crash when the file is interacted with in Explorer. The PoC demonstrates arbitrary control over registers (EAX, EDX, ESI) via specific offsets in the file.

Description

Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marsu · textdoswindows

https://www.exploit-db.com/exploits/3419

View Code ZIP pw:eip

This exploit targets a vulnerability in Microsoft Windows where a malformed .doc file causes a DoS by manipulating pointers in Ole32.dll, leading to a crash when the file is interacted with in Explorer. The PoC demonstrates arbitrary control over registers (EAX, EDX, ESI) via specific offsets in the file.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows (tested on Windows 2000 SP4 FR and XP SP2 FR)

No auth needed

Prerequisites: Victim interaction with a malformed .doc file in Explorer

MITRE ATT&CK