I said NULL pointer is not exploitable _by itself_. Ability to control
unhandled exception filter is different vulnerability. NULL pointer in
this case is not exploitation vector, it's only used to initiate attack.
--Thursday, November 2, 2006, 10:01:19 PM, you wrote to 3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]:
JA> 3APA3A a écrit :
>> Dear xxxx (at) gmail (dot) com [email concealed],
>>
>> NULL pointer dereference is not exploitable to code execution by itself.
>>
>>
JA> Hi,
JA> you should be interested by this
JA> http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html
JA> + a little tool
JA> https://www.securinfos.info/outils-securite-hacking/uSEH.rar
JA> /JA
--
~/ZARAZA
Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü. (Òâåí)
I said NULL pointer is not exploitable _by itself_. Ability to control
unhandled exception filter is different vulnerability. NULL pointer in
this case is not exploitation vector, it's only used to initiate attack.
--Thursday, November 2, 2006, 10:01:19 PM, you wrote to 3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]:
JA> 3APA3A a écrit :
>> Dear xxxx (at) gmail (dot) com [email concealed],
>>
>> NULL pointer dereference is not exploitable to code execution by itself.
>>
>>
JA> Hi,
JA> you should be interested by this
JA> http://metasploit.blogspot.com/2006/08/putting-fun-in-browser-fun.html
JA> + a little tool
JA> https://www.securinfos.info/outils-securite-hacking/uSEH.rar
JA> /JA
--
~/ZARAZA
Íåïðèÿòíîñòè íà÷íóòñÿ â âîñåìü. (Òâåí)
[ reply ]