<<< Date Index >>>     <<< Thread Index >>>

Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities



> Although the vulnerabilities are hard to exploit, > it's not impossible.
> There are some restrictions to bypass:
> 
> - The path name is formated in Unicode, so we have to find an opcode in an 
> address with an unicode format
> - The shellcode has to be in the path name so we have to use an Alphanumeric 
> shellcode

What's to stop someone from encoding the path(shellcode) in unicode(using both 
bytes of unicode/no null bytes)? Also, is there a special situation why it has 
to be strictly alphanumeric? Because, in general this is not the case.

I've worked with these guidelines myself in the 
past(http://fakehalo.us/xfinder-ds.pl), and I see no specific issue with doing 
similar for this, unless information to the contrary isn't included.