A New CVE-2015-0057 Exploit Technology
asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology
Obstacles Solutions

1. Manipulating the tagWND.pSBInfo field by pointing it to the tagWND.strName, and then rewriting tagWND's strName.Buffer field indirectly through SetScrollInfo means obstacle 1 is solved.
2. The full control of the Zombie tagPROPLIST object means obstacle 2 is solved.

[Diagram: U-A-F tagPROPLIST (cEntries && iFirstFree); Zombie tagPROPLIST (cEntries && iFirstFree); tagWND (tagWND.pSBInfo); SetScrollInfo Routine; tagWND.strName.Buffer; Arbitrary Read; Arbitrary Write. The elements carry the labels 1 to 5.]