Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

ms08-067 Exploit Technologies
From: yuange <yuange1975 () hotmail com>
Date: Fri, 29 Jan 2010 14:24:20 +0000


 

http://hi.baidu.com/yuange1975/blog/item/d648f4f0e1a925c87931aad7.html

 

the exploit need two  0x5c, one is len,the other is ptr .you can control ptr .

 

 

 

memory:

 

  
vista:      0x00000209     len=5c 0x00000209     ch=0x0000005c        a       b     ebp    ret   00000000 outcopy   ptr 
e out    bbbbbb
                                                

win2003:      len=0x0000005c    wcslen    ptr1   ecx    ebp ret    00000000     outcpy    ptr e   out    bbbbbb
                                                             

winxp:        len=0x0000005c     wcslen     ptr1 ecx    ebp ret     00000000    outcpy   ptr e    out     bbbbbb
          


win2000:    ptr   5c             r    00000000    outcpy     ptr bbbbbbbbbbbbbbbbb out
                                                                                
  

 

 

 

                                                             yuange

 

                                        http://hi.baidu.com/yuange1975/blog
                                          
_________________________________________________________________
SkyDrive电子画册,带你领略精彩照片,分享“美”时“美”刻!
http://www.windowslive.cn/campaigns/e-magazine/ngmchina/?a=c
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • ms08-067 Exploit Technologies yuange (Jan 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault