[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
- To: "Jason Areff" <hailtheczar@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
- From: "Larry Seltzer" <Larry@xxxxxxxxxxxxxxxx>
- Date: Mon, 2 Apr 2007 10:24:52 -0400
LS>Heap spraying implies running code in the heap,
JA>Actually, um.. no.. it doesn't
My understanding of heap spraying comes from
http://blogs.securiteam.com/index.php/archives/638: "...SkyLined's heap
spraying techqniue
(http://sf-freedom.blogspot.com/2006/07/heap-spraying-internet-exploiter
.html) (the concept of this technique is that you inject the nop +
shellcode into the heap memory and use some method to trick the eip jump
into that heap ..."
Sure sounds like running code in the heap to me.
JA>How do you get to be in that position? Lot's of buzzword-tossing I'd
have to guess.
Fuck you too.
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <blocked::http://security.eweek.com/>
http://blog.eweek.com/blogs/larry%5Fseltzer/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer>
Contributing Editor, PC Magazine
larryseltzer@xxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/