Vulnerability Development mailing list archives
Developing exploit for a tricky vulnerability
From: "John Paterson" <john9434 () gmail com>
Date: Fri, 29 Jun 2007 13:31:36 +0200
Here is the scenario: There is a buffer located on the heap beginning at address A. I can overwrite any dword-aligned memory location between A and A+S, where S is the size of the exploit file divided by 2. This is the tricky part - the value written must be in the range from 0 to FFFF. This is not a typical heap overflow - in order to overwrite location X I don't need to overwrite all locations between A and X, I can overwrite just X. Multiple locations can be overwritten with different values. Target platform is Windows XP. Any ideas how to exploit this?