Exploiting heap overflows on XP SP2

nicolas.falliere_at_gmail.com
Date: 08/18/05

    Date: 18 Aug 2005 15:56:20 -0000
    To: vuln-dev@securityfocus.com
    
    
    Hi,

    I describe a new way to exploit heap-based buffer overflows in the following paper:

    http://www.packetstormsecurity.com/papers/bypass/bypassing-win-heap-protections.pdf

    Basically, one can use critical-section-related linking structures stored on the process’s default heap to produce an n*4-byte overwrite. Gaining control is another problem; only the memory overwrite is discussed in the paper.

    NF

