Vulnerability Development: Re: MS05-039

Re: MS05-039

From: A A <hd78432_at_yahoo.com>
Date: Tue, 13 Sep 2005 05:11:12 -0700 (PDT)

Can anyone tell me the name of the function or memory location where the
vulnerability occurs (and in either the .exe or one of the .dlls)? I've been
digging for this for a while.

--- A A <hd78432_at_yahoo.com> wrote:

> The HOD exploit for MS05-039 has been tested on Windows 2000 SP4. Based upon
> the comments in the machine code for the RPC call I am assuming the return
> address for the buffer overflow to be 0x767a1567. Is this memory address the
> return address for the buffer overflow?
>
> If it is the case that this address is the return address for the buffer
> overflow, the code that it returns to looks something like this:
> "pop eax
> pop esi
> ret"
> Why would overflowing to an address that pops a value into the eax register
> cause this program to become vulnerable? I don't see why overflowing to this
> address would cause a program to become vulnerable.
>
> Does anyone know what the machine code looks like exactly before the spot in
> the vulnerable program where this vulnerability occurs?
>

Received on Sep 13 2005
