Ani exploit plus Heap Spraying
Posted by Ismael Briones at 13 April 07 02:40
Today we have detected a server exploiting the latest ANI vulnerability with the well-known "heap spraying" technique. The ANI file exploits the vulnerability; nevertheless, there is no shellcode inside it:
The HTML page contains JavaScript code that injects as much data as possible into the heap until a valid memory address becomes the return address to jump to after the stack overflow, in this case 0x0B0B0B0B.
The reason for using this technique instead of including the shellcode inside the ANI file is probably to avoid the stack execution protection feature. This way the shellcode is executed in the heap, not on the stack, bypassing this protection. You can see the injected heap and the shellcode in the following image:
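For triage of pages like the one described above, a static heuristic can flag the filler pattern before anything is rendered. This is an added example, not code from the original post: it assumes the script builds its heap blocks from `unescape("%u....")` literals and grows them with a self-doubling loop (neither is shown on the page), and the function names and both sample scripts are constructed for illustration. It generalizes from 0x0B0B0B0B to any single repeated filler byte.

```python
import re

# Assumption: heap blocks come from unescape("%uXXXX...") literals.
UNESCAPE_RE = re.compile(r'unescape\(\s*["\']((?:%u[0-9a-fA-F]{4})+)["\']\s*\)')
# Assumption: blocks are grown by doubling, e.g. "x += x" or "x = x + x" in a loop.
GROWTH_RE = re.compile(
    r'\b(?:while|for)\s*\([^)]*\)\s*\{?\s*(\w+)\s*(?:\+=\s*\1|=\s*\1\s*\+\s*\1)\b')

def decode_units(literal):
    """Turn '%u0b0b%u0b0b' into its in-memory bytes (UTF-16, little-endian)."""
    units = re.findall(r'%u([0-9a-fA-F]{4})', literal)
    return b''.join(int(u, 16).to_bytes(2, 'little') for u in units)

def filler_address(data):
    """If data is one byte repeated (>= 4 bytes), return the 32-bit address it spells."""
    if len(data) >= 4 and len(set(data)) == 1:
        return int.from_bytes(data[:4], 'little')
    return None

def analyze(script):
    """Return (suspicious, findings) for a block of script text."""
    findings = []
    for m in UNESCAPE_RE.finditer(script):
        data = decode_units(m.group(1))
        addr = filler_address(data)
        if addr is not None:
            findings.append(('filler', addr))           # e.g. 0x0B0B0B0B
        elif len(data) >= 32:
            findings.append(('binary_blob', len(data)))  # long blob: review by hand
    if GROWTH_RE.search(script):
        findings.append(('string_growth_loop', None))
    kinds = {kind for kind, _ in findings}
    # Filler alone or a loop alone is weak evidence; both together is the spray shape.
    return ('filler' in kinds and 'string_growth_loop' in kinds), findings

# Constructed samples (no payload): a filler-and-growth fragment and a benign script.
SAMPLE_SPRAY = '''
var block = unescape("%u0b0b%u0b0b");
while (block.length < 0x40000) block += block;
'''
SAMPLE_BENIGN = '''
var s = unescape("%u0048%u0069");
for (var i = 0; i < 3; i++) { out += s; }
'''

if __name__ == '__main__':
    for name, js in (('spray', SAMPLE_SPRAY), ('benign', SAMPLE_BENIGN)):
        flagged, found = analyze(js)
        print(name, flagged, [(k, hex(v) if k == 'filler' else v) for k, v in found])
```

The heuristic only sees literals present in the script text, so obfuscated or dynamically assembled scripts need deobfuscation or emulation first.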