| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Oct 2004 10:26:56 +0100 From: Jim Hatfield <subscriber@...ignia.com> To: bugtraq@...urityfocus.com Subject: Re: EEYE: Windows VDM #UD Local Privilege Escalation On Wed, 13 Oct 2004 05:45:50 +0100, in local.bugtraq you wrote: >This vulnerability is located in a portion of the Windows kernel that >handles some low-level aspects of executing 16-bit code inside a Virtual >DOS Machine (VDM). A certain invalid opcode byte sequence is used in >the 16-bit DOS emulation code to pass requests (referred to as "bops") AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC to transfer control from the emulated Intel world to the native world on which the emulator was running. Most of the BIOS in the early SoftPC versions consisted of very short sequences of Intel code ending in a BOP. It was originally a different opcode but when we switched from emulating an 8086 to an 80286 that was no longer an illegal instruction so we changed it to C4C4. jim hatfield
Powered by blists - more mailing lists