[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EEYE: Windows VDM #UD Local Privilege Escalation

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: EEYE: Windows VDM #UD Local Privilege Escalation
From: Jim Hatfield <subscriber@xxxxxxxxxxxx>
Date: Thu, 14 Oct 2004 10:26:56 +0100

On Wed, 13 Oct 2004 05:45:50 +0100, in local.bugtraq you wrote:

>This vulnerability is located in a portion of the Windows kernel that
>handles some low-level aspects of executing 16-bit code inside a Virtual
>DOS Machine (VDM).  A certain invalid opcode byte sequence is used in
>the 16-bit DOS emulation code to pass requests (referred to as "bops")

AIRC BOP meant "BIOS Operation". It was the mechanism used in SoftPC
to transfer control from the emulated Intel world to the native world
on which the emulator was running. Most of the BIOS in the early
SoftPC versions consisted of very short sequences of Intel code ending
in a BOP. It was originally a different opcode but when we switched
from emulating an 8086 to an 80286 that was no longer an illegal
instruction so we changed it to C4C4.

jim hatfield

Prev by Date: Re: Directory traversal in Yak! 2.1.2
Next by Date: Re: Norton AntiVirus 2004 Script Blocking Failure (Includes PoC and rant)
Previous by thread: EEYE: Windows VDM #UD Local Privilege Escalation
Next by thread: [ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
Index(es):
- Date
- Thread