
Bugtraq mailing list archives

Windows LoadImage API Heap overflow exploit

From: "Berend-Jan Wever" <skylined () edup tudelft nl>
Date: Sat, 1 Jan 2005 19:57:32 +0100 (CET)
Has anybody else tested flashsky's exploit? I've tried to exploit this vuln on win2ksp4 MSIE 6.0sp1, but in my findings it is very unreliable: the different threads running in IE make it almost impossible to determine which heap API call will first run into an overwritten heap header block (HeapAlloc, HeapReAlloc, HeapFree, RtlHeapAlloc, etc., etc.) or which block it will run into. Most calls will simply crash IE; I've only had one successful attempt in what must have been at least 50 tries.

Finding a way to make sure one specific heap API call will be called after overwriting the heap would solve this problem; so far my attempts at this have been unsuccessful.

Cheers,
SkyLined
Current thread:
- Windows LoadImage API Heap overflow exploit, Berend-Jan Wever (Jan 01)
