by wepple 2517 days ago
Building a PoC to prove you can get reliable code execution is typically 10x harder than finding an issue and patching it.

The modern approach is to assume that most types of memory corruption could be exploitable, and just patch.

Especially given that an inability for one person to reliably PoC does not mean it’s not exploitable; as soon as you say it’s not exploitable, Mark Dowd shows up and exploits the bug.