Shattering By Example

To: "Bugtraq@Securityfocus. Com" <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Shattering By Example
From: "Brett Moore" <brett.moore@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Oct 2003 15:16:20 +1300
Importance: Normal
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A new white paper on shatter attcks has been released and is available 
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf 

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit against statusbars that uses
the following messages;
* WM_SETTEXT
* SB_SETTEXT
* SB_GETTEXTLENGTH
* SB_SETPARTS
* SB_GETPARTS

and demonstrates the following techniques.
* brute forcing a useable heap address
* placing structure information inside a process
* injecting shellcode to known location
* overwriting 4 bytes of a critical memory address

Any feedback or followup to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist
www.security-assessment.com

Prev by Date: NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities
Next by Date: Bad news on RPC DCOM vulnerability
Previous by thread: NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities
Next by thread: Bad news on RPC DCOM vulnerability
Index(es):
- Date
- Thread