[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Shattering By Example

To: "Full-Disclosure@Lists. Netsys. Com" <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Shattering By Example
From: "Brett Moore" <brett.moore@security-assessment.com>
Date: Fri, 10 Oct 2003 15:15:59 +1300

A new white paper on shatter attcks has been released and is available 
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf 

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit against statusbars that uses
the following messages;
* WM_SETTEXT
* SB_SETTEXT
* SB_GETTEXTLENGTH
* SB_SETPARTS
* SB_GETPARTS

and demonstrates the following techniques.
* brute forcing a useable heap address
* placing structure information inside a process
* injecting shellcode to known location
* overwriting 4 bytes of a critical memory address

Any feedback or followup to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist
www.security-assessment.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Port 135 scans, IDS/incidents mailing lists
Next by Date: RE: [Full-Disclosure] Re: Do you really think CDs will be protected in future?
Previous by thread: Re: [Full-Disclosure] MS RPC remote exploit. What about DCOMbobulator?
Next by thread: [Full-Disclosure] Opera/Netscape/Mozilla: Floppy access from untrusted java applet
Index(es):
- Date
- Thread