DDE Exploit (Repost)

On October 9th 2017 an interesting method was detailed for executing arbitrary code in Microsoft Word through the Dynamic Data Exchange (DDE) protocol. The method was described in detail by Etienne Stalmans & Saif El-Sherei in a SensePost blog post.

So, what is the DDE protocol? According to Microsoft:

“Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange (DDE) protocol. The DDE protocol is a set of messages and guidelines. It sends messages between applications that share data and uses shared memory to exchange data between applications. Applications can use the DDE protocol for one-time data transfers and for continuous exchanges in which applications send updates to one another as new data becomes available.”


$MFT Bug (Re-post)

$MFT Bug

A bug in how Microsoft Windows versions prior to Windows 10 handle access to the $MFT file in the root directory may cause the system to crash. Attackers can exploit this to trigger a denial of service. The $MFT file is used by the NTFS file system to store metadata, and access to it is normally reserved for the operating system itself. Access attempts by users are usually blocked. However, if a user tries to access this file as a directory, for example using “c:\$MFT\123”, NTFS locks the file and does not release it. All other operations that access the file system must then wait for the file to be released. This causes the system to hang or to crash completely. According to current knowledge, Windows 10 is not affected by this problem.
