[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Shattering By Example

To: "Bugtraq@Securityfocus. Com" <bugtraq@securityfocus.com>
Subject: Shattering By Example
From: "Brett Moore" <brett.moore@security-assessment.com>
Date: Fri, 10 Oct 2003 15:16:20 +1300

A new white paper on shatter attcks has been released and is available 
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf 

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit against statusbars that uses
the following messages;
* WM_SETTEXT
* SB_SETTEXT
* SB_GETTEXTLENGTH
* SB_SETPARTS
* SB_GETPARTS

and demonstrates the following techniques.
* brute forcing a useable heap address
* placing structure information inside a process
* injecting shellcode to known location
* overwriting 4 bytes of a critical memory address

Any feedback or followup to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist
www.security-assessment.com

Prev by Date: NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries
Next by Date: Bad news on RPC DCOM vulnerability
Previous by thread: NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries
Next by thread: Bad news on RPC DCOM vulnerability
Index(es):
- Date
- Thread