Vulnerability Development mailing list archives
Exotic vulnerability
From: joxeankoret <joxeankoret () yahoo es>
Date: Tue, 26 Jun 2007 11:23:28 -0700 (PDT)
Hi,

I'm trying to develop an exploit for a product in which I found a vulnerability and that is the most "exotic" one I found. The following C source recreates the vulnerability:

#include <stdio.h>
#include <stdlib.h>   /* atoi */

void func(int var)
{
    /* Per the description below, EAX holds the value of i on entry:
       load a pointer from that address, then call through it. */
    __asm__("mov (%eax), %eax");
    __asm__("call *%eax");
    return;
}

int main(int argc, char *argv[])
{
    int i;

    printf("Value is 0x%x\n", atoi(argv[1]));
    i = atoi(argv[1]);
    func(i);
    return 0;
}

When the process calls the function "func", EAX has the value stored in the variable "i", next the process makes the call "mov (%eax), %eax" and next calls %eax. I have not found a way to exploit it. Any ideas on how it can be exploited to execute arbitrary code?

BTW, I'm trying to exploit it under Linux x86.

Thanks!
Joxean Koret

--
View this message in context: http://www.nabble.com/Exotic-vulnerability-tf3983982.html#a11311064
Sent from the Vulnerability Development mailing list archive at Nabble.com.
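A hardened counterpart to the pattern in the message above, added here as an example and not part of the original post or of the affected product: rather than treating an externally supplied integer as an address to dereference and call, the input is parsed strictly and used only as an index into a fixed table of call targets. The handler functions, the table and the function names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical handlers standing in for the program's legitimate call targets. */
static int handler_status(void) { return 100; }
static int handler_reset(void)  { return 200; }

typedef int (*handler_fn)(void);

/* Fixed, read-only table: the only addresses an indirect call may reach. */
static const handler_fn HANDLERS[] = { handler_status, handler_reset };
#define HANDLER_COUNT (sizeof(HANDLERS) / sizeof(HANDLERS[0]))

/* Parse an untrusted decimal string into a table index.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
static int parse_index(const char *s, size_t *out)
{
    char *end = NULL;
    long v;

    /* Require a leading digit: rejects NULL, "", signs and whitespace. */
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    errno = 0;
    v = strtol(s, &end, 10);
    /* Reject overflow, trailing junk, and anything outside the table. */
    if (errno != 0 || *end != '\0' || (unsigned long)v >= HANDLER_COUNT)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* Dispatch on untrusted input; -1 means the request was rejected. */
int dispatch(const char *untrusted)
{
    size_t idx;

    if (parse_index(untrusted, &idx) != 0)
        return -1;
    return HANDLERS[idx]();   /* target always comes from HANDLERS */
}

int main(int argc, char *argv[])
{
    if (argc != 2)
        return 2;
    return dispatch(argv[1]) < 0 ? 1 : 0;
}
```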