lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <f8hsm0t0gr9d1mo9p6md9g6rlg6q1m0sta@4ax.com>
Date: Thu, 14 Oct 2004 10:26:56 +0100
From: Jim Hatfield <subscriber@...ignia.com>
To: bugtraq@...urityfocus.com
Subject: Re: EEYE: Windows VDM #UD Local Privilege Escalation


On Wed, 13 Oct 2004 05:45:50 +0100, in local.bugtraq you wrote:

>This vulnerability is located in a portion of the Windows kernel that
>handles some low-level aspects of executing 16-bit code inside a Virtual
>DOS Machine (VDM).  A certain invalid opcode byte sequence is used in
>the 16-bit DOS emulation code to pass requests (referred to as "bops")

AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC
to transfer control from the emulated Intel world to the native world
on which the emulator was running. Most of the BIOS in the early
SoftPC versions consisted of very short sequences of Intel code ending
in a BOP. It was originally a different opcode but when we switched
from emulating an 8086 to an 80286 that was no longer an illegal
instruction so we changed it to C4C4.

jim hatfield


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ