Re: NOD32 Antivirus Long Path Name Stack Overflow Vulnerabilities
> Although the vulnerabilities are hard to exploit, it's not impossible.
> There are some restrictions to bypass:
>
> - The path name is formatted in Unicode, so we have to find an opcode in an
> address with a Unicode format
> - The shellcode has to be in the path name so we have to use an Alphanumeric
> shellcode
What's to stop someone from encoding the path (shellcode) in Unicode (using both
bytes of Unicode/no null bytes)? Also, is there a special situation why it has
to be strictly alphanumeric? Because, in general, this is not the case.
I've worked with these guidelines myself in the
past (http://fakehalo.us/xfinder-ds.pl), and I see no specific issue with doing
similar for this, unless information to the contrary isn't included.