Vulnerability Development mailing list archives

Re: development of wordpad exploit (Links)


From: lwcashd () BIW COM (Larry W. Cashdollar)
Date: Sat, 20 Nov 1999 00:05:55 -0500


Here is a list of resources to get an idea of buffer overflows and how they work. This is a starter for those of you 
who are new or foggy. Everyone else can ignore it or read them if you're bored. The first one is for Windows, the rest 
are for Linux/Unix but still applicable to this concept.

Windows
--------
http://www.cultdeadcow.com/cDc_files/cDc-351/

Linux/Unix
--------
I apologize for the mirror off my personal site but I reference these
documents so much it's only natural.  All credit goes to the authors.

http://vapid.dhs.org/Library/P49-14-Aleph-One
http://vapid.dhs.org/Library/buffer.txt
http://vapid.dhs.org/Library/bufferov.html
http://vapid.dhs.org/Library/nate-buffer.ps

On Fri, Nov 19, 1999 at 05:08:05PM -0000, Riley, Steven wrote:
I'm in a similar position. I'm new to this concept. I'm trying to figure out
how you get a buffer overrun to execute code. How would code be inserted?
What signs would I look for to identify if code could be inserted?

The Riched20.dll has references to ADVAPI32.DLL, USER32.DLL,
KERNEL32.DLL etc. Would it be possible to use this overflow to pass
commands to these DLLs?

How would you write the command string... I've got a lot to learn :-(  Time to
buy the 'Dummies guide to buffer overflows'.

-- Larry
http://vapid.dhs.org
R2D2 r00ted the death star.