Microsoft Office 2010 BCSAutogen.dll – Remote Unhandled exception Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Office 2010 Component  BCSAutogen.dll
Date: 10/10/2011
Product: Microsoft Office 2010 Component  BCSAutogen.dll
Vendor: Notified
Internal Id: MSRC 11641

We have discovered that the product “Microsoft Office 14 Component  BCSAutogen.dll” presents a big hole regarding an unhandled exception rather than a memory corruption, crashing the application when you run special  code .

Vendor Statement:

Microsoft Security Response Center has investigated this issue and it results as  an unhandled exception rather than a memory corruption. Based on this, this issue can’t be exploited to execute arbitrary code and it results in a stability bug. This issue will be considered to be resolved in a future release.

Remediation:

Microsoft is working to solve this error .

POC: Available

 

Leave a Reply