Bugtraq mailing list archives
Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day
From: Alexander Sotirov <asotirov () determina com>
Date: Thu, 21 Dec 2006 12:11:29 -0800
3APA3A wrote:
Killer{R} assumes the problem is in strcpy(), because it should not be used for overlapping buffers, but at least ANSI implementation of strcpy from Visual C should be safe in this very situation (copying to lower addresses). May be code is different for Windows XP or vulnerability is later in code.
We discovered this bug some time ago and were preparing an advisory when it was publicly disclosed. Since the exploit is already public, here's my analysis of the vulnerability: http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html It's a double free bug that leads to arbitrary code execution in the CSRSS process. Alex
Current thread:
- Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Pukhraj Singh (Dec 21)
- Message not available
- RE: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Michele Cicciotti (Dec 22)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day Alexander Sotirov (Dec 21)
- Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day 3APA3A (Dec 21)