[32042] in bugtraq


Shattering By Example

daemon@ATHENA.MIT.EDU (Brett Moore)
Fri Oct 10 12:07:30 2003

From: "Brett Moore" <brett.moore@security-assessment.com>
To: "Bugtraq@Securityfocus. Com" <bugtraq@securityfocus.com>
Date: Fri, 10 Oct 2003 15:16:20 +1300
Message-ID: <KFEMINDBKGBEMHACCJHCKEBEDCAA.brett.moore@security-assessment.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

A new white paper on shatter attacks has been released and is available
from our website;

www.security-assessment.com/Papers/Shattering_By_Example-V1_03102003.pdf 

This white paper includes information from both shatterseh2.txt and
shatterseh3.txt.

It also includes a shatter attack exploit against statusbars that uses
the following messages;
* WM_SETTEXT
* SB_SETTEXT
* SB_GETTEXTLENGTH
* SB_SETPARTS
* SB_GETPARTS

and demonstrates the following techniques.
* brute forcing a useable heap address
* placing structure information inside a process
* injecting shellcode to known location
* overwriting 4 bytes of a critical memory address

Any feedback or followup to this is most welcome,

Regards

Brett Moore
Network Intrusion Specialist
www.security-assessment.com
