Vulnerability Development: RE: Exploiting in Unicode and XP SP2

From: Ben Nagy <ben_at_iagu.net>
Date: Wed, 7 Jun 2006 10:24:07 +0700

> -----Original Message-----
> From: Ivan Stroks [mailto:ivanstroks_at_yahoo.co.nz]
> Sent: Tuesday, June 06, 2006 10:30 PM
> To: vuln-dev_at_securityfocus.com
> Subject: Exploiting in Unicode and XP SP2
>
> I am trying to exploit a stack buffer overflow in a
> Windows Application running in XP SP2.
[...]
> . I have found an address with a call [ebp+30] in
> Unicode.nls. In Windows 2000, I can execute the
> instruction located in that memory space, whereas in
> XP, I cannot. Does XP prevent the execution of
> instructions, if the memory hasn't Execute access?
> Because I can execute in W2K, but not in XP.

Yes, XPSP2 does (under the default software DEP settings). The protection is
not generic unless you're using hardware DEP, but the page status is checked
during exception handling, so it won't dispatch to an NX page.

ben
Received on Jun 07 2006
