Full Disclosure mailing list archives
Re: MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable
From: Thierry Zoller <Thierry () Zoller lu>
Date: Wed, 7 Jun 2006 12:36:40 +0200
Dear kcope, Under windows the heap structure changes when a debugger is attached, which may lead to an exploitable condition even when the condition is not there without debugger. There was a recent post on DailyDave about this "phenomena" http://www.immunitysec.com/pipermail/dailydave/2005-October/002585.html QUOTE : Also newer versions of windbg can be configured to prevent this: "Processes created by the debugger behave slightly differently than they would under normal conditions. Instead of using the standard heap API, processes created by the debugger use a special *debug heap*. On Microsoft(r) Windows XP and later versions of Windows, you can force a spawned process to use the standard heap instead of the debug heap by using the -- http://secdev.zoller.lu Thierry Zoller Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable kcope (Jun 07)
- Re: MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable Thierry Zoller (Jun 07)