Vulnerability Development mailing list archives
Re: Windows Heap Overflows In General
From: Vizzy <vizzy () freemail hu>
Date: Mon, 2 Dec 2002 12:49:52 +0000
Monday, December 02, 2002, 2:03:04 AM, you wrote:

BM> *) Remember with heap based overflows you can write multiple sets of 4
BM> bytes. It's not the registers you are overflowing, but a structure. What do
BM> the other structure bytes control? Size does matter!

Well, it's not always possible. What if you can overwrite only one free chunk structure? Then the possibility to overwrite the chosen 4 bytes will occur in a call to free(), when *BK (previous free chunk pointer) would be replaced with the offset to a newly free()'ed one, containing our supplied data.

--
have phun,
Vizzy
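The write through *BK described in the message above, as an added example that is not part of the original post: a free-list insert that trusts the neighbouring chunk's back pointer, next to a hardened insert that validates the link first. The `struct chunk` layout and all function names are assumptions for illustration (a generic doubly linked free list, not the real Windows heap structures), and the corrupted pointer is constructed to aim at a local `victim` object.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified free-chunk header (assumed layout, not the Windows heap's). */
struct chunk {
    struct chunk *fd;   /* next free chunk */
    struct chunk *bk;   /* previous free chunk ("BK" in the message) */
};

/* Link n in front of c the way a free() without validation would. */
static void insert_unchecked(struct chunk *c, struct chunk *n) {
    n->fd = c;
    n->bk = c->bk;
    c->bk->fd = n;      /* write through *BK: destination is chosen by c->bk */
    c->bk = n;
}

/* Hardened insert: the previous chunk must point back at c. */
static int insert_checked(struct chunk *c, struct chunk *n) {
    if (c->bk == NULL || c->bk->fd != c)
        return -1;      /* list links corrupted, refuse to write */
    insert_unchecked(c, n);
    return 0;
}

/* Returns 1 if the unchecked insert wrote n's address into victim. */
static int demo_unchecked(void) {
    struct chunk head, c, n, victim = {0};
    head.fd = &c; head.bk = &c; c.fd = &head; c.bk = &head; /* circular list */
    c.bk = &victim;     /* constructed corruption of c's header */
    insert_unchecked(&c, &n);
    return victim.fd == &n && head.fd == &c;
}

/* Returns 1 if the check accepts an intact list and rejects the corrupted one. */
static int demo_checked(void) {
    struct chunk head, c, n, m, victim = {0};
    head.fd = &c; head.bk = &c; c.fd = &head; c.bk = &head;
    int clean = insert_checked(&c, &n);     /* intact links: accepted */
    c.bk = &victim;     /* same constructed corruption as above */
    int rejected = insert_checked(&c, &m);
    return clean == 0 && rejected == -1 && victim.fd == NULL;
}

int main(void) {
    printf("unchecked insert redirected the write: %d\n", demo_unchecked());
    printf("checked insert blocked the write:      %d\n", demo_checked());
    return 0;
}
```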
Current thread:
- Windows Heap Overflows In General Brett Moore (Dec 02)
- Re: Windows Heap Overflows In General David Litchfield (Dec 02)
- RE: Windows Heap Overflows In General Brett Moore (Dec 02)
- Re: Windows Heap Overflows In General Vizzy (Dec 02)
- Re: Windows Heap Overflows In General David Litchfield (Dec 02)