Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

A little help??

From: <dbd () hushmail com>
Date: Tue, 9 Mar 2004 11:16:29 -0800
I am trying to get into the world of exploit research, but I've hit kind
of a stumbling block.

I have read a couple of great books on how to write exloits, disassembling,
 etc, but all of the examples are always very contrived and don't really
match what to look for in the real world.

Using the MS ASN.1 vulnerability as an example, I have a question:

How was Eeye able to determine which function the heap overflow existed
in.  I have been able to trace through the msasn1.dll, but I can't figure
out how to find the exact function that contains the overflow.

I'm just using this example due to the fact that I just happened to have
a machine that wasn't patched yet.  If there is a better example to use
to understand how this works, please help me out from that perspective.
 

Thanks to anyone who might be able to help out.

.\m/



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
Previous By Date Next
Previous By Thread Next

Current thread: