| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Apr 2007 10:24:52 -0400 From: "Larry Seltzer" <Larry@...ryseltzer.com> To: "Jason Areff" <hailtheczar@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Windows .ANI LoadAniIcon Stack Overflow LS>Heap spraying implies running code in the heap, JA>Actually, um.. no.. it doesn't My understanding of heap spraying comes from http://blogs.securiteam.com/index.php/archives/638: "...SkyLined's heap spraying techqniue (http://sf-freedom.blogspot.com/2006/07/heap-spraying-internet-exploiter .html) (the concept of this technique is that you inject the nop + shellcode into the heap memory and use some method to trick the eip jump into that heap ..." Sure sounds like running code in the heap to me. JA>How do you get to be in that position? Lot's of buzzword-tossing I'd have to guess. Fuck you too. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <blocked::http://security.eweek.com/> http://blog.eweek.com/blogs/larry%5Fseltzer/ <http://blog.eweek.com/blogs/larry_seltzer/> <http://blog.ziffdavis.com/seltzer> Contributing Editor, PC Magazine larryseltzer@...fdavis.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists