Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
csrss.exe double-free vulnerability - arbitrary DWORD overwrite exploit
Dec 30 2006 12:40AM
Reversemode (advisories reversemode com)
For those researchers who are interested in the Csrss Double-Free
vulnerability, I have coded an arbitrary DWORD overwrite exploit. This
flaw is hard to exploit (at least for me) due to the the "fail-and-die"
situation. Corrupting the heap in a process like Csrss is dangerous.
However, by defi...
[ more ]
Copyright 2010, SecurityFocus