Message-ID: <005601c5fba0$77845eb0$0a01a8c0@antic0de>
Date: Thu, 8 Dec 2005 15:38:25 +1300
From: "Brett Moore" <brett.moore@...urity-assessment.com>
To: <bugtraq@...urityfocus.com>
Subject: -Exploiting Freelist[0] On Windows XP Service Pack 2-

-Exploiting Freelist[0] On Windows XP Service Pack 2-

Windows XP Service Pack 2 introduced some new security measures in an
attempt to prevent the use of overwritten heap headers to do arbitrary
byte writing. This method of exploiting heap overflows, and the protection
offered by Service Pack 2, is widely known and has been well documented
in the past.

What this paper will attempt to explain is how other functionality of the
heap management code can be used to gain execution control after a chunk
header has been overwritten.

In particular this paper takes a look at exploiting freelist[0] overwrites.

It can currently be downloaded from our website
http://www.security-assessment.com/tech-1.htm

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com 
