728x90
It's not always possible to find vulnerabilities or even zero days after using methods of reverse engineering or fuzzing, but this time I was super lucky. 2 months ago, I was studying Corelan’s article about heap spray exploitation which is a great one. During the study, while I was debugging Internet Explorer 7, Immunity Debugger (the last version, 1.85) has crashed and WinDBG handled the exception. I was really surprised.
When I looked back to determine what caused it to crash, I noticed that SE-Handler was recursively added to its SEH chain. Because SEH chain was created on stack segment and SEH chain was too long, this caused a stack overflow and Immunity Debugger crashed.
728x90
'취약점 정보1' 카테고리의 다른 글
| Cisco AsyncOS Patch (0) | 2014.03.21 |
|---|---|
| Python 3.4 Released (0) | 2014.03.21 |
| Panda Cloud Antivirus 2.9.1 Beta 2 (0) | 2014.03.20 |
| F-Secure Internet Security Technology Preview - Release 108 (0) | 2014.03.20 |
| Kaspersky Anti-Virus 및 Kaspersky Internet Security 2014 : 패치 F 업데이트 안내 (0) | 2014.03.20 |