Exploiting heap overflows on XP SP2

[nicolas.falliere () gmail com]

Hi,

I describe a new way to exploit heap-based buffer overflows in the following paper:

http://www.packetstormsecurity.com/papers/bypass/bypassing-win-heap-protections.pdf

Basically, one can use critical section related linking structures stored on the process’s default heap to produce a 
n*4-byte overwrite. Gaining control is another problem, only memory overwrite is discussed in the paper.

NF