Back to list
Developing exploit for a tricky vulnerability
Jun 29 2007 11:31AM
John Paterson (john9434 gmail com)
Here is the scenario:
There is a buffer located on the heap beginning at address A. I can
overwrite any dword-aligned memory location between A and A+S, where S
is the size of exploit file divided by 2. This is the tricky part -
the value written must be in the range from 0 to FFFF. This is not a
typical heap overflow - in orther to overwrite location X I don't need
to overwrite all locations between A and X, I can overwrite just X.
Multiple locations can be overwritten with different values.
Target platform is Windows XP.
Any ideas how to exploit this?
[ reply ]
Copyright 2010, SecurityFocus