
Bugtraq mailing list archives

Re: Windows Buffer Overflows
From: dullien () gmx de
Date: Mon, 17 Jun 2002 14:02:17 -0700

Hey Brett,

BM> But because we can write to multiple addresses an exploit can work like
BM> this,
BM>  * locate the static memory address for the exception handler
BM>  * locate another static memory address
BM>  * overwrite the exception handler with the second address
BM>  * overwrite the second address with the required instructions for our
BM> relative jmp
BM>  * cause an exception

I am not sure if what Halvar Flake spoke about at Blackhat Amsterdam
last Fall was the same issue, but it sounds a bit similar.
http://www.blackhat.com/presentations/bh-europe-01/halvar-flake/halvar.ppt,
in the second half there are a few slides on exploitation reliability.

Cheers,
Thomas Dullien


-- 
With kind regards
dullien () gmx de                            mailto:dullien () gmx de

