BugTraq
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Dec 21 2006 01:41PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memorycorruption 0day Dec 21 2006 08:11PM
Alexander Sotirov (asotirov determina com) (1 replies)
3APA3A wrote:
> Killer{R} assumes the problem is in strcpy(), because it should not be
> used for overlapping buffers, but at least ANSI implementation of strcpy
> from Visual C should be safe in this very situation (copying to lower
> addresses). May be code is different for Windows XP or vulnerability is
> later in code.

We discovered this bug some time ago and were preparing an advisory when it was
publicly disclosed. Since the exploit is already public, here's my analysis of
the vulnerability:

http://www.determina.com/security.research/vulnerabilities/csrss-harderr
or.html

It's a double free bug that leads to arbitrary code execution in the CSRSS process.

Alex

[ reply ]
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Dec 21 2006 10:17PM
Pukhraj Singh (pukhraj singh gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus