Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: A A (hd78432yahoo.com)
Date: Fri Sep 09 2005 - 06:52:06 CDT
The HOD exploit for ms05-39 has been tested on windows
2000 sp4. Based upon the comments in the machine code
for the rpc call I am assuming the return address for
the buffer overflow to be 0x767a1567. Is this memory
address the return address for the buffer overflow?
If it is the case that this address is the return
address for the buffer overflow the code that it
returns to looks something like this:
Why would overflowing to an address that pops a value
into the eax register cause this program to become
vulnerable? I don't see why overflowing to this
address would cause a program to become vulnerable.
Does anyone know what the machine code looks like
exactly before the spot in the vulnerable program
where this vulnerability occurs?
Click here to donate to the Hurricane Katrina relief effort.