Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Office Excel 2010 memory corruption
From: Yuhong Bao <yuhongbao_386 () hotmail com>
Date: Sun, 28 Oct 2012 20:31:19 -0700

Of course, if you can control the crash address so it is >=0x1000, then it could be exploitable, but until then it is 
not.

Date: Mon, 29 Oct 2012 06:53:52 +0330
Subject: Re: [Full-disclosure] Microsoft Office Excel 2010 memory corruption
From: kavehghaemmaghami () googlemail com
To: yuhongbao_386 () hotmail com

Yuhong  thank you so much fore sharing

is OK if i ask some question ? if its ok  you can answer me

what is the fast way to find out crash cause like use-after-free
double free and heap corruption ?
i mean to figure out if there is heap corruption like use-after free
double free etc ....

this crash analayzer scares me

look at the crash was null pointer and how the hell other guy analyze
it and found out its exploitable

http://securityevaluators.com/files/papers/CrashAnalysis.pdf

Best Regards

On Mon, Oct 29, 2012 at 6:30 AM, Yuhong Bao <yuhongbao_386 () hotmail com> wrote:
How can i make sure a crash is not exploitable?
Look at the crash address (null dereference will be < 0x1000) and type of
exception.
Also type G in WinDbg to see if it is handled.
                                          
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]