Exotic vulnerability


I'm trying to develop an exploit for a product in which I found a
vulnerability, and it is the most "exotic" one I have found. The following C
source recreates the vulnerability:

#include <stdio.h>
#include <stdlib.h>   /* atoi() */

void func(int var)
{
    __asm__("mov (%eax), %eax");
    __asm__("call *%eax");
}

int main(int argc, char *argv[])
{
    int i;

    printf("Value is 0x%x\n", atoi(argv[1]));
    i = atoi(argv[1]);
    func(i);   /* the call to func described in the text */
    return 0;
}

When the process calls the function "func", EAX has the value stored in the
variable "i"; next the process executes "mov (%eax), %eax" and then
calls %eax. I have not found a way to exploit it.

Any ideas on how it can be exploited to execute arbitrary code? BTW, I'm trying
to exploit it under Linux x86.

Joxean Koret

View this message in context: http://www.nabble.com/Exotic-vulnerability-tf3983982.html#a11311064
Sent from the Vulnerability Development mailing list archive at Nabble.com.
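Added example, not code from the post or the product it describes: the defensive shape for this kind of dispatch is to never let an untrusted integer become a code address. The input selects an index into a fixed table of known handlers and is range-checked first, so the indirect call can only reach functions the program intended. The handler names and table are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*handler_t)(int);

/* Constructed handlers standing in for the product's real code paths. */
static int handle_add(int x) { return x + 1; }
static int handle_neg(int x) { return -x; }
/* The only code addresses the indirect call is allowed to reach. */
static const handler_t handlers[] = { handle_add, handle_neg };
#define NUM_HANDLERS (sizeof handlers / sizeof handlers[0])

/* Parse the selector strictly: reject junk, trailing characters and
   out-of-range values instead of letting atoi() map them to 0 or wrap. */
static int parse_selector(const char *s, size_t *idx)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;
    if (v < 0 || (unsigned long)v >= NUM_HANDLERS)
        return -1;
    *idx = (size_t)v;
    return 0;
}

/* Hardened dispatch: untrusted input picks a table index, never a pointer.
   Returns 0 and stores the handler's result, or -1 for a rejected selector. */
int safe_dispatch(const char *selector, int arg, int *result)
{
    size_t idx;
    if (parse_selector(selector, &idx) != 0)
        return -1;
    *result = handlers[idx](arg);
    return 0;
}

int main(int argc, char *argv[])
{
    int r;
    if (argc < 3 || safe_dispatch(argv[1], atoi(argv[2]), &r) != 0) {
        fprintf(stderr, "usage: %s <selector 0..%zu> <value>\n", argv[0], NUM_HANDLERS - 1);
        return 1;
    }
    printf("result: %d\n", r);
    return 0;
}
```

Compare with the reproducer above: there the integer itself is dereferenced and called, so any value outside the table's range is exactly what the check here refuses.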
