by hwhatwhatwhat 3691 days ago
> This is a remote code execution vulnerability.

I understand how this vulnerability can be used to corrupt the heap, as it's writing more data than malloc was asked to reserve, so it can overwrite memory allocations from other parts of the program.

I am curious as to how one would create a reliable remote code execution exploit out of this? I guess that one may be able to find a function pointer somewhere to overwrite, and use that to control program flow to your shellcode - but as this is dynamically allocated memory, could it not be adjacent to pretty much anything?

How would an attacker approach making a remote code execution exploit, given these constraints? Is it possible in practice or more theoretical?

(I'm not challenging this classification, just would really like to know how this works!)