Links

Lists

Latest Updates

Ruby On Rails List
Python list
Advanced Java
The JavaScript List
Apache Users
Full Disclosure
Linux Security

Search the archives!
Having a development problem? Ask eDevelopment.org forums!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow

  • From: Larry at larryseltzer.com (Larry Seltzer)
  • Subject: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow
  • Date: Mon, 2 Apr 2007 10:24:52 -0400
LS>Heap spraying implies running code in the heap, 
JA>Actually, um.. no.. it doesn't

My understanding of heap spraying comes from
http://blogs.securiteam.com/index.php/archives/638: "...SkyLined's heap
spraying techqniue
(http://sf-freedom.blogspot.com/2006/07/heap-spraying-internet-exploiter
.html) (the concept of this technique is that you inject the nop +
shellcode into the heap memory and use some method to trick the eip jump
into that heap ..."

Sure sounds like running code in the heap to me.
 
JA>How do you get to be in that position? Lot's of buzzword-tossing I'd
have to guess.

Fuck you too.
 
Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/ <blocked::http://security.eweek.com/> 
http://blog.eweek.com/blogs/larry%5Fseltzer/
<http://blog.eweek.com/blogs/larry_seltzer/>
<http://blog.ziffdavis.com/seltzer> 
Contributing Editor, PC Magazine
larryseltzer at ziffdavis.com