Heap Overflow – Page 4 – WindowsTechs.com

SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Posted on December 2, 2018 by SSD / Ori Nimron

Vulnerabilities Summary QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework use by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the grap… Continue reading SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow→

Confused over unlink() macro for malloc, pictorially, I think I understand but lost in the logic

Posted on September 18, 2018 by H3G3moKnight

I am trying to understand the basic unlinc() exploit on the Heap (yes, I know its been patched for years now.) I think I understand conceptually what is happening. The chunk that is being un-linked from the doubly linked list… Continue reading Confused over unlink() macro for malloc, pictorially, I think I understand but lost in the logic→

Heap spray blocked by EDR

Posted on July 27, 2018 by Limpid.Security

Assuming the application is vulnerable would a process crash if it was a subject for a heap spray attack and the attack is blocked by the EDR?

Continue reading Heap spray blocked by EDR→

When does Heap unlinking occur, free or malloc?

Posted on July 7, 2018 by kok

I want to know when unlinking occurs, malloc or free. Please explain the algorithm of unlinking.

I am going to make heap overflow by unlinking to corrupt metadata.

Continue reading When does Heap unlinking occur, free or malloc?→

Buffer overflows on the heap vs the stack

Posted on April 6, 2018 by John

It is my current understanding that in order to successfully exploit a stack-based buffer overflow vulnerability, we must first overflow the buffer, thus overwriting the return pointer and gaining control of EIP. Once we control EIP, we ca… Continue reading Buffer overflows on the heap vs the stack→

Why kali cannot be exploited by user after free heap overflow? [on hold]

Posted on March 27, 2018 by kst

I am learning about heap overflow. And I use the following code to overflow.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void jackpot() { puts(“jackpot!”); system(“/bin/sh”); }

int main()
… Continue reading Why kali cannot be exploited by user after free heap overflow? [on hold]→

SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Posted on February 4, 2018 by SSD / Maor Schwartz

Vulnerabilities summary The following advisory describes 12 (twelve) vulnerabilities found in Python Bytecode Disassembler and Decompiler (pycdc). Python Bytecode Disassembler and Decompiler (pycdc) “aims to translate compiled Python byte-code ba… Continue reading SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities→

Heap overflow question

Posted on January 3, 2018 by kst

I want to make heap overflow exploit.
But I have some difficulties . I want to know how to find av->top value and how to overwrite av->top value.
I do not understand clearly.
Please answer me.

Continue reading Heap overflow question→

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Posted on December 19, 2017 by Tom Spring

Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC. Continue reading Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10→

SSD安全公告–GraphicsMagick多个漏洞

Posted on November 21, 2017 by SSD / Maor Schwartz

漏洞概要以下安全公告描述了在GraphicsMagick中发现的两个漏洞。 GraphicsMagick是“图像&#22788… Continue reading SSD安全公告–GraphicsMagick多个漏洞→