Bugtraq mailing list archives

Re: WordPad/riched20.dll buffer overflow


From: core.lists.bugtraq () CORE-SDI COM (Gerardo Richarte)
Date: Wed, 24 Nov 1999 15:14:10 -0300


Solar Eclipse wrote:

> When I tried this, I found out that code CAN be executed on the heap,
> although the heap descriptor has no execute permissions. I don't know
> why. If somebody can confirm this it would be great.

    I remember reading something about this in a book named Windows NT Device
Driver Development, let me check it out...
    Ok, here it is, on page 58, it's talking about Access Control of virtual
pages, and it says, literally if a page can be read, it can be executed. I
remember that this took my attention for some days, then I forgot about it, until
you mentioned it.

    richie

--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com

--- For a personal reply use gera () core-sdi com


