In-Reply-To: <254c01c1eb18$7af4f1a0$2e58a8c0@ffornicario>
The MS /GS switch has an equally fatal flaw in its stack
layout that makes it unnecessary to deal with the random
canary: the Structured Exception Handler frame (which has a
function pointer) comes after the canary (or cookie in MS
CORE SECURITY TECHNOLOGIES Advisory
http://www.corest.com
Multiple vulnerabilities in stack smashing protection technologies
Date Published: 2002-04-23
Last Update: 2002-04-23
Advisory ID: CORE-20020409
Bugtraq ID: Non-a