I've discovered a software bug and I've been trying to figure out if it is exploitable. I was wondering if anyone on the list has exploit development experience and would be willing to give me a hand. It's not in any well-known software, so it might be boring to most, but it's very exciting to me! So, I imagine that help would come from a generous soul willing to lend a hand :)
My bug crashes an application consistently and overwrites the return address, but then does strange things. I've been told by jduck at Metasploit that this might be exploitable, but after reading everything I've found, I'm not sure what I'm missing. I am comfortable with basic buffer overflows, but this one does not appear to be basic. I am certain it is not an SEH overflow, but I can show that EIP is overwritten and I also know the offset. Let me know if anyone is willing to give me some advice. I'll show you my exploit code and give you the software make/version as well.
Thanks,
Craig
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
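Since the post hinges on a known EIP offset from an x86 stack overflow, here is an added example (not code from the original post, not Metasploit's own code) that reimplements in C the cyclic-pattern technique Metasploit's pattern_create.rb and pattern_offset.rb use to find that offset, plus a probe builder for confirming it. The "crash" is a constructed model: simulate_eip() just reads four bytes of the pattern little-endian, standing in for what a debugger reports in EIP; the offset of 44 is an assumed value for the demonstration, not Craig's real offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build the first len bytes of the Metasploit-style cyclic pattern
 * (Aa0Aa1Aa2...Zz9, 20280 bytes before it repeats) into buf, which must
 * have room for len + 1 bytes; the result is NUL-terminated. */
size_t pattern_create(char *buf, size_t len)
{
    size_t n = 0;
    while (n < len) {
        for (char u = 'A'; u <= 'Z' && n < len; u++)
            for (char l = 'a'; l <= 'z' && n < len; l++)
                for (char d = '0'; d <= '9' && n < len; d++) {
                    const char trip[3] = { u, l, d };
                    for (int i = 0; i < 3 && n < len; i++)
                        buf[n++] = trip[i];
                }
    }
    buf[n] = '\0';
    return n;
}

/* Read four bytes at offset as a little-endian 32-bit value. This stands in
 * for what a debugger shows in EIP on x86 when those bytes overwrite the
 * saved return address (constructed model of the crash, not a real one). */
uint32_t simulate_eip(const char *buf, size_t offset)
{
    const unsigned char *p = (const unsigned char *)buf + offset;
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Inverse of the above: given the EIP value seen at the crash, find where in
 * the pattern those four bytes sat. Returns the offset or -1 if not found. */
long pattern_offset(const char *pattern, size_t len, uint32_t eip)
{
    const unsigned char needle[4] = {
        (unsigned char)(eip & 0xff), (unsigned char)((eip >> 8) & 0xff),
        (unsigned char)((eip >> 16) & 0xff), (unsigned char)((eip >> 24) & 0xff),
    };
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pattern + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Build a probe that confirms the offset: 'A's up to the return address,
 * the chosen value little-endian in EIP's slot, then 'C's after it so the
 * debugger shows whether the bytes past the return address survive intact.
 * Returns bytes written, or 0 if offset + 4 does not fit in total. */
size_t build_probe(char *out, size_t total, size_t offset, uint32_t eip_value)
{
    if (offset + 4 > total)
        return 0;
    memset(out, 'A', offset);
    for (int i = 0; i < 4; i++)
        out[offset + i] = (char)((eip_value >> (8 * i)) & 0xff);
    memset(out + offset + 4, 'C', total - offset - 4);
    out[total] = '\0';
    return total;
}

int main(void)
{
    char pattern[201];
    char probe[61];
    size_t len = pattern_create(pattern, 200);

    /* Constructed crash: pretend the saved return address is 44 bytes in. */
    uint32_t eip = simulate_eip(pattern, 44);
    long off = pattern_offset(pattern, len, eip);
    printf("EIP=0x%08x -> offset %ld\n", (unsigned)eip, off);

    /* Probe with 0x42424242 in EIP and 'C's behind it for the next run. */
    build_probe(probe, 60, (size_t)off, 0x42424242u);
    printf("probe: %s\n", probe);
    return 0;
}
```

Against a real target you would send the pattern instead of reading it back, take the EIP value from the debugger, and feed it to pattern_offset(); the probe then shows whether control is clean, and if the 'C' region or the surrounding registers come back mangled, that is where to start looking for the "strange things" after the overwrite.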
