Date: Thu, 8 Dec 2005 15:38:25 +1300
From: "Brett Moore" <brett.moore@...urity-assessment.com>
To: <bugtraq@...urityfocus.com>
Subject: -Exploiting Freelist[0] On Windows XP Service Pack 2-

-Exploiting Freelist[0] On Windows XP Service Pack 2-

Windows XP Service pack 2 introduced some new security measures in an
attempt to prevent the use of overwritten heap headers to do arbitrary
byte writing. This method of exploiting heap overflows, and the protection
offered by service pack 2, is widely known and has been well documented
in the past.

What this paper will attempt to explain is how other functionality of the
heap management code can be used to gain execution control after a chunk
header has been overwritten.

In particular this paper takes a look at exploiting freelist[0] overwrites.

It can currently be downloaded from our website
http://www.security-assessment.com/tech-1.htm

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com 

CONFIDENTIALITY NOTICE: 

This message and any attachment(s) are confidential and proprietary. They
may also be privileged or otherwise protected from disclosure. If you are
not the intended recipient, advise the sender and delete this message and
any attachment from your system. If you are not the intended recipient, you
are not authorised to use or copy this message or attachment or disclose the
contents to any other person. Views expressed are not necessarily endorsed
by Security-Assessment.com Limited. Please note that this communication does
not designate an information system for the purposes of the New Zealand
Electronic Transactions Act 2002. 



e-mail protected and scanned by Bizo Email Filter - powered by Advascan

Powered by blists - more mailing lists