Full Disclosure mailing list archives

Format string and other vulnerabilities on win32
From: "Andrew Thomas" <andrew () generator co za>
Date: Fri, 20 Dec 2002 11:07:39 +0200

Visit http://www.Generator.co.za for more information


I'm wondering if anyone has discovered and successfully exploited any format
string vulnerabilities on Win32?

I've played around with code in DJGPP environment, and broken the code, but not
been able to dedicate the time and effort to figuring out exactly what I was
getting out/in, and *where*.

Also, to find vulnerabilities in win32, Halvar Flake discussed using IDA Pro
with scripts to search for badly formed function calls. Has anyone used scripts
to do blackbox analysis on major products?

Lastly, considering that MS VC++ designed products use a standard library, would
it not be possible to investigate closed source applications and find e.g.
strcpy calls by setting breakpoints with SoftIce or some other debugger?

  Andrew Thomas.
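As an added illustration, not part of Andrew's post: the shape of the format string bug he asks about (caller-controlled text used as the format) next to its fixed form, plus a small review-time check; the function names and the sample input are my own constructions, and the code is portable C that builds the same way with MSVC or GCC.

```c
/* Added example: a caller-controlled format string beside the fixed form.
 * Nothing here is Win32-specific; the C runtime behaves the same on every
 * platform, which is exactly why the bug class carries over to Win32. */
#include <stdio.h>
#include <string.h>

#define LOG_BUF 64

/* Vulnerable: user_text becomes the format string, so every conversion
 * specifier in it is interpreted by the C runtime's printf engine. */
int log_vulnerable(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, user_text);
}

/* Fixed: the format is a literal and the user text is just an argument. */
int log_fixed(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, "%s", user_text);
}

/* Cheap review-time check for strings that are about to be used as a
 * format: returns 1 if the string contains any real conversion specifier
 * (a lone '%' or "%x", "%n", ...); "%%" is an escaped percent and is fine. */
int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '\0')
            return 1;           /* trailing lone '%' */
        if (*s != '%')
            return 1;           /* a real specifier follows the '%' */
        /* "%%": escaped percent, keep scanning after it */
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: "%%" is the one specifier that is safe to
     * demonstrate; the vulnerable path collapses it to a single '%', which
     * shows the runtime is interpreting user text as a format. */
    const char *sample = "user said 100%% sure";
    char a[LOG_BUF], b[LOG_BUF];
    log_vulnerable(a, sizeof a, sample);
    log_fixed(b, sizeof b, sample);
    printf("vulnerable: %s\nfixed:      %s\n", a, b);
    return 0;
}
```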

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
