[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SafeSEH+SEHOP all-at-once bypass explotation method principles

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SafeSEH+SEHOP all-at-once bypass explotation method principles
From: geinblues@xxxxxxxxx
Date: Thu, 12 Jan 2012 10:18:53 GMT
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hello,

I wrote this to introduce a small paper for my exploitation method of SafeSEH+SEHOP bypass in Oct, 2010.
(http://www.x90c.org/SEH all-at-once attack.pdf, http://www.exploit-db.com/exploits/15184)

Sadly it's not portable. But leave some thoughts about the method.

- SafeSEH+SEHOP all-at-once bypass explotation method principles
  http://www.x90c.org/SafeSEH+SEHOP principles.pdf

- sehop_chain_validation.c (Reverse Engineering code) 
  http://www.x90c.org/RE_SEHOP_chain_validation.txt

Prev by Date: Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation
Next by Date: [ MDVSA-2012:004 ] t1lib
Previous by thread: Revised IETF I-D: IPv6 Neighbor Discovery, SEND, and IPv6 Fragmentation
Next by thread: [ MDVSA-2012:004 ] t1lib
Index(es):
- Date
- Thread