A New CVE-2015-0057 Exploit Technology
asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology
Obstacles Solutions
1. The full control of the tagMENU.rgItems and tagMENU.cItems fields means obstacle 1 is solved.
2. The full control of the Zombie tagPROPLIST object means obstacle 2 is solved.
[Figure: diagram with steps numbered 1 to 5. Labels: U-A-F tagPROPLIST (cEntries && iFirstFree); Zombie tagPROPLIST (cEntries && iFirstFree); tagMENU; ThunkedMenuItemInfo Routine (tagMENU.cItems, tagMENU.rgItems, ……); Arbitrary Read (4); Arbitrary Write (5).]