A New CVE-2015-0057 Exploit Technology
04.04.2016 Views
Share Embed Flag

A New CVE-2015-0057 Exploit Technology

asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology

asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
n0lab

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

tagPROPLIST object<br />

1. tagPROPLIST object and vulnerability related object<br />

tagSBINFO, are all allocated from the Win32K Desktop Heap.<br />

2. Inside the tagPROPLIST object, there is an array named<br />

tagPROP. This array's size can be adjusted to meet the needs of<br />

the exploit.<br />

3. The contents of the tagPROPLIST object can be manipulated<br />

through User32 APIs, such as SetProp routine.<br />

4. Crucially, the behavior of SET after the Use-After-Free<br />

Vulnerability will overwrite tagPROPLIST’s cEntries field, which<br />

means that any subsequent operations on this tagPROPLIST<br />

object can result in another out of bounds access.

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!