On Fri, Feb 27, 2009 at 5:04 PM, bob jones <bhold...@gmail.com> wrote:
> http://uninformed.org/?v=4&a=5&t=sumry
>

This exploitation relies on the ability to have the top-level UEF point to an arbitrary address which hopefully you have the ability to control. The NULL pointer is only used as a mechanism to trigger the exception necessary to execute code where the handler now points. This doesn't need to be a NULL deref; it can be any unhandled exception. I guess you could compare the NULL pointer in this situation to a memory leak necessary to exploit another condition. The memory leak itself wouldn't be called a vulnerability; it's just used instrumentally to assist in exploitation. In this paper the NULL pointer is used to assist in the exploitation of a hijacked UEF by triggering the unhandled exception. My original point stands: the NULL pointer dereference can be used to assist in another exploitation, but in itself is not a vulnerability. Do you disagree?

--
ciao
JT
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/