Metasploit mailing list archives
Remote code execution when only able to write 1 byte?
From: nicolas.ruff at gmail.com (Nicolas RUFF)
Date: Sun, 11 Mar 2007 11:31:50 +0100
> If you are only able to write over 1 byte of the heap, how would it be possible to execute arbitrary code? Thanks.

It used to be possible, but starting with Windows XP SP2, heap structures are cookie-protected and sanity-checked. It's getting worse with Vista, since heap structures are using XOR-ed pointers.

Note that this does *not* apply to non-Windows managed heaps (e.g. Delphi, Cygwin, etc.).

Regards,
- Nicolas RUFF
Current thread:
- Remote code execution when only able to write 1 byte? Mathew Rowley (Feb 16)
- Remote code execution when only able to write 1 byte? Alexander Sotirov (Feb 16)
- Remote code execution when only able to write 1 byte? Nicolas RUFF (Mar 11)
- Remote code execution when only able to write 1 byte? Pusscat (Mar 12)