Vuln Dev
Exotic vulnerability Jun 26 2007 06:23PM
joxeankoret (joxeankoret yahoo es) (1 replies)


I'm trying to develop an exploit for a product in which I found a
vulnerability and that is the most "exotic" one I found. The following C
source recreates the vulnerability:

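#include <stdio.h>
#include <stdlib.h>

void func(int var)
{
    /* EAX is assumed to still hold var here (see the description below) */
    __asm__("mov (%eax), %eax");  /* load the dword that var points to */
    __asm__("call *%eax");        /* indirect call through the loaded value */
}

int main(int argc, char *argv[])
{
    int i;

    printf("Value is 0x%x\n", atoi(argv[1]));
    i = atoi(argv[1]);
    func(i);
    return 0;
}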

When the process calls the function "func" EAX has the value stored in the
variable "i", next the process makes the call "mov (%eax), %eax" and next
calls %eax. I have not found a way to exploit it.

Any ideas on how it can be exploited to execute arbitrary code? BTW, I'm trying
to exploit it under Linux x86.

Joxean Koret

Re: Exotic vulnerability Jun 28 2007 09:24AM
Thomas Pollet (thomas pollet gmail com)


Copyright 2010, SecurityFocus