Exploiting heap overflows on XP SP2

nicolas.falliere_at_gmail.com
Date: 08/18/05

  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SharePoint securization"
    Date: 18 Aug 2005 08:18:33 -0000
    To: focus-ms@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is) Hi,

    I describe a new way to exploit heap-based buffer overflows in the following paper:

    http://www.packetstormsecurity.com/papers/bypass/bypassing-win-heap-protections.pdf

    Basically, one can use critical section related linking structures stored on the processís default heap to produce a n*4-byte overwrite. Gaining control is another problem, only memory overwrite is discussed in the paper.

    NF

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: SharePoint securization"