Dailydave: Re: Vista SP1

From: Dave Aitel <dave_at_immunityinc.com>
Date: Fri, 25 Apr 2008 10:54:22 -0400

Dave Aitel wrote:
| I've been told (although I did not write that exploit, Kostya did) that
| you end up using opcodes in your bytecode stream to get execution. This
| would mean that the bytecode stream has to be executable, which SP1
| breaks. Not that this breaks the many other ways you can write the
| exploit, but it would make it slightly harder.
|
| I could be wrong on this
| -dave

Kostya tells me I've misunderstood him and that you're only protected
from that technique if you've done "OptOut" which is not the default.

Still, it would be cool to defeat DEP with this exploit. Perhaps without
any x86 at all!

-dave


_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Received on Apr 25 2008
