How to create a DoS condition with MS Word
In this post, I’ll show you how to create an application DoS with MS Word.
Just copy/paste the following XML payload over a Word document if you want to test (save all your work before doing it :))
MS Word parses and tries to resolve all of these entities, which (in some circumstances) exhausts the system's committed memory (virtual memory).
In restricted desktops and multi-user environments limited to Microsoft Office, an attacker with basic user capabilities can cause a denial-of-service condition by pasting the XML payload into a Word document, and thereby impact other users working in the same environment.
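For XML that passes through your own tooling before it reaches a parser, the expanded size can be computed arithmetically and rejected before anything is resolved. This is an added example, not code from the original post; it assumes the payload relies on nested internal entity declarations (the post does not show it), and the function names, sample document, depth limit and budget are hypothetical.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">.
# Parameter (%) and external (SYSTEM/PUBLIC) entities are not matched here.
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([\w.:-]+);')
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}  # each expands to one character
MAX_DEPTH = 64  # hypothetical nesting limit for this example

class EntityBudgetExceeded(ValueError):
    """Expansion would exceed the budget, recurse, or nest too deeply."""

def expanded_sizes(xml_text, budget=1_000_000):
    """Return {entity name: expanded length} without expanding anything."""
    decls = {}
    for m in ENTITY_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        decls.setdefault(m.group(1), value)  # XML keeps the first declaration
    sizes = {}

    def size_of(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack or len(stack) >= MAX_DEPTH:
            raise EntityBudgetExceeded(f"recursive or too deeply nested: &{name};")
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))  # literal characters in the value
        for ref in ENTITY_REF.findall(value):
            if ref in PREDEFINED:
                total += 1
            elif ref in decls:
                total += size_of(ref, stack | {name})
            if total > budget:
                raise EntityBudgetExceeded(f"&{name}; expands past {budget} characters")
        sizes[name] = total
        return total

    for name in decls:
        size_of(name, frozenset())
    return sizes

def is_within_budget(xml_text, budget=1_000_000):
    try:
        expanded_sizes(xml_text, budget)
        return True
    except EntityBudgetExceeded:
        return False

# Constructed sample: three small entities, 90 characters when fully expanded.
SAMPLE = '<!DOCTYPE d [<!ENTITY a "0123456789"><!ENTITY b "&a;&a;&a;"><!ENTITY c "&b;&b;&b;">]><d>&c;</d>'
```

Because sizes are memoized and summed as integers, the check runs in time proportional to the declarations, regardless of how large the expansion would be.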
I asked Microsoft to fix this issue, but since there is no further exploitability (no OOB-XXE), they told me that they will not fix anything.
Just another “Microsoft bug” (or feature) 😉