Remote code execution when only able to write 1 byte?
From: nicolas.ruff at gmail.com (Nicolas RUFF)
Date: Sun, 11 Mar 2007 11:31:50 +0100
> If you are only able to write over 1 byte of the heap, how would it be
> possible to execute arbitrary code? Thanks.

It used to be possible, but starting with Windows XP SP2, heap
structures are cookie-protected and sanity-checked.
It's getting worse with Vista, since heap structures are using XOR-ed
Note that this does *not* apply to non-Windows managed heaps (e.g.
Delphi, Cygwin, etc.)
- Nicolas RUFF
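
Added example, not part of the original message and not the Windows heap's actual layout or algorithm: a simplified C model of the two kinds of protection the reply names, a header check byte and a free-list sanity check performed before unlinking. The struct layout, the function names and the `HEAP_SECRET` value are assumptions made for illustration.

```c
/* Simplified model (assumed layout and names, not the Windows heap format). */
#include <stddef.h>
#include <stdint.h>

typedef struct chunk {
    uint16_t size;               /* chunk size in allocation units */
    uint8_t  flags;
    uint8_t  check;              /* check byte over size, flags, address */
    struct chunk *flink, *blink; /* free-list links */
} chunk_t;

static const uint8_t HEAP_SECRET = 0xA7; /* constructed; random per heap in practice */

static uint8_t check_byte(const chunk_t *c) {
    return (uint8_t)((c->size & 0xff) ^ (c->size >> 8) ^ c->flags ^
                     ((uintptr_t)c >> 3) ^ HEAP_SECRET);
}
void chunk_seal(chunk_t *c) { c->check = check_byte(c); }

/* Header check: recompute and compare before trusting size or flags. */
int header_ok(const chunk_t *c) { return c->check == check_byte(c); }

/* List sanity check: both neighbours must point back at this chunk. */
int links_ok(const chunk_t *c) {
    return c->flink->blink == c && c->blink->flink == c;
}

/* Unlink only if both checks pass; 0 on success, -1 on refusal. */
int safe_unlink(chunk_t *c) {
    if (!header_ok(c) || !links_ok(c)) return -1;
    c->blink->flink = c->flink;
    c->flink->blink = c->blink;
    return 0;
}

/* Try every single-byte change to the 4 header bytes; count the ones missed. */
int undetected_single_byte_changes(chunk_t *c) {
    int missed = 0;
    uint8_t *p = (uint8_t *)c;
    for (size_t off = 0; off < 4; off++)
        for (int v = 1; v < 256; v++) {
            p[off] ^= (uint8_t)v;
            if (header_ok(c)) missed++;
            p[off] ^= (uint8_t)v;   /* restore the original byte */
        }
    return missed;
}
```

In this model any one-byte change to the header fails `header_ok()`, and a link redirected to a chunk that does not point back fails `links_ok()`, so `safe_unlink()` refuses to write through the links.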