Full Disclosure mailing list archives

Control EDX/EAX in JPG Heap Overflow (MS04-028)


From: Anonymous User <PERFECT.MATERIAL () gmail com>
Date: Tue, 21 Sep 2004 23:06:36 -0400

Dear Italian Elf,

You wrote:
> In this point we can control the value of EDX (it's overwritten by
> "CCCC" 0x43434343 dword inside JPEG header), but it's difficult to escape
> from the heap and take full control of execution.

I also have difficulty escaping from the heap.  Maybe we can do lunch sometime?

PERFECT.MATERIAL

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html