Another new technique to bypass SEHOP. ( no 'xor pop pop ret' )
From: geinblues gmail com
To: bugtraq securityfocus com
Subject: Another new technique to bypass SEHOP. ( no 'xor pop pop ret' )
Date: Sat - Oct 02, 2010 06:08 AM

Lately, MS Windows SEH overflow attack techniques use only the following methods.
[most commonly used methods]
win xp sp2(SEH): 'pop pop ret' - David Litchfield 2003.
win xp sp3(SafeSEH): unloaded module's 'pop pop ret' - Litchfield 2003.
win server 2008/Vista sp1(SEHOP): SYSDREAM(c)'s 'xor pop pop ret'.
[my new method to exploit SEHOP]
I researched SEH and any references, and I found a way to exploit SafeSEH+SEHOP protections all at once.
Below is the presentation PDF. :-)
Presentation URL:
http://www.x90c.org/SEH%20all-at-once%20attack.pdf
--
David Litchfield's 2003 presentation introduced a method similar to my technique, using the allowed _except_handler3. But it was applied to SafeSEH only, and it has a difference from my technique.
--
Thank you, lists.