Penetration Testing mailing list archives

Re: can this overflow lead to exploitation?


From: ArcSighter Elite <arcsighter () gmail com>
Date: Wed, 11 Feb 2009 09:01:31 -0500


pen-test wrote:
Hi all,

Just need some help exploiting a doubted buffer overflow. Well, the
scenario is, I found a cute little app of my friend, vulnerable to overflow(?).
But I can't say at this time whether it's exploitable or not. That's why I
need help.

Ok, what do you do when you doubt there's a chance of exploitation, if an app
gets crashed when given an arbitrarily long URL/filename?

In my case the app crashed with a MessageBox from the exception
handler that the "app terminated unexpectedly" and giving a dump. I just
ran the mem dump through VS 2005 and got "an Unhandled exception at
0x019f57b0 in app.exe: 0xC0000005:Access violation writing location
0xd357a29f." Seems a null pointer usage, but not sure.

Hmmm, following me?

Now please help me analyse the case and, if exploitable, how? Any online
documentation, e-books? Above all, any experts in buffer overflow
exploitation?

Thanks ahead,

Tom


As I already said a lot of times, it's practically impossible to give
people feedback with so little information. But you must know that
in most cases where you can leverage an arbitrary DWORD overwrite, it
will probably be more than exploitable; of course, in the case you
can control that address (and have a buffer in control, too, of course,
to egghunt or not). Following the code path would give you more
information, but the fact is that yes, at first glance it may be
exploitable, but you have to consider the other issues: the code and
data flow, input manipulation, protections in place, etc.

Sincerely.
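
A crash-triage helper for the report above, added here as an example and not part of either message: it parses the Visual Studio exception text Tom quotes and classifies the fault the way fuzzing triage does (a fault in the null page, a write to a far-off address, and whether the fault address's bytes occur in the input that caused the crash). The input bytes it checks against are constructed for the demonstration; the thread does not give the real input.

```python
import re

# Crash line as quoted in the thread (Tom's VS 2005 output), used as sample input.
CRASH_TEXT = ("Unhandled exception at 0x019f57b0 in app.exe: "
              "0xC0000005:Access violation writing location 0xd357a29f.")

CRASH_RE = re.compile(
    r"exception at 0x([0-9a-f]+) in (\S+): 0x([0-9a-f]+):\s*"
    r"Access violation (reading|writing) location 0x([0-9a-f]+)", re.I)

def parse_crash(text):
    """Pull pc, module, exception code, access type and fault address out of the message."""
    m = CRASH_RE.search(text)
    if not m:
        raise ValueError("unrecognised crash text")
    pc, module, code, op, addr = m.groups()
    return {"pc": int(pc, 16), "module": module, "code": int(code, 16),
            "op": op.lower(), "addr": int(addr, 16)}

def triage(crash, user_input=None, null_page=0x10000):
    """Classify an access violation: a fault inside the null page is usually a plain
    NULL dereference (DoS), a write to a non-null address is the dangerous case, and a
    fault address whose bytes occur in the input shows the pointer is input-derived."""
    if crash["code"] != 0xC0000005:
        return "UNKNOWN", ["not an access violation; inspect the exception code"]
    if crash["addr"] < null_page:
        return "LIKELY_NOT_EXPLOITABLE", ["fault address lies in the null page: NULL/near-NULL dereference"]
    reasons = []
    if crash["op"] == "writing":
        severity = "LIKELY_EXPLOITABLE"
        reasons.append("write access violation at a non-null address: possible arbitrary write")
    else:
        severity = "PROBABLY_EXPLOITABLE"
        reasons.append("read access violation at a non-null address: pointer looks corrupted")
    if user_input is not None:
        le = crash["addr"].to_bytes(4, "little")   # x86 stores pointers little-endian
        if le in user_input or le[::-1] in user_input:
            reasons.append("fault address bytes occur in the input: address is input-controlled")
        else:
            reasons.append("fault address not found verbatim in input: may be derived from it")
    return severity, reasons

if __name__ == "__main__":
    crash = parse_crash(CRASH_TEXT)
    # Constructed input: filler plus the fault address bytes, standing in for the real file name.
    sample = b"A" * 64 + (0xd357a29f).to_bytes(4, "little") + b"B" * 16
    print(crash)
    print(triage(crash))
    print(triage(crash, user_input=sample))
```

The classification is only a first pass, as the reply says: it tells you which crashes deserve the code-path and data-flow analysis, not that a given one is exploitable.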
