Bugtraq mailing list archives
Re: Windows Buffer Overflows
From: dullien () gmx de
Date: Mon, 17 Jun 2002 14:02:17 -0700
Hey Brett,

BM> But because we can write to multiple addresses an exploit can work like
BM> this,
BM> * locate the static memory address for the exception handler
BM> * locate another static memory address
BM> * overwrite the exception handler with the second address
BM> * overwrite the second address with the required instructions for our
BM> relative jmp
BM> * cause an exception

I am not sure if what Halvar Flake spoke about at Blackhat Amsterdam last
Fall was the same issue, but it sounds a bit similar.
http://www.blackhat.com/presentations/bh-europe-01/halvar-flake/halvar.ppt,
in the second half there are a few slides on exploitation reliability.

Cheers,
Thomas Dullien

--
With kind regards
dullien () gmx de
mailto:dullien () gmx de