Developing exploit for a tricky vulnerability

From: John Paterson (john9434gmail.com)
Date: Fri Jun 29 2007 - 06:31:36 CDT


Here is the scenario:
There is a buffer located on the heap beginning at address A. I can
overwrite any dword-aligned memory location between A and A+S, where S
is the size of exploit file divided by 2. This is the tricky part -
the value written must be in the range from 0 to FFFF. This is not a
typical heap overflow - in order to overwrite location X I don't need
to overwrite all locations between A and X, I can overwrite just X.
Multiple locations can be overwritten with different values.
Target platform is Windows XP.
Any ideas how to exploit this?