-Exploiting Freelist[0] On Windows XP Service Pack 2-

Windows XP Service Pack 2 introduced some new security measures in an attempt to prevent the use of overwritten heap headers to do arbitrary byte writing. This method of exploiting heap overflows, and the protection offered by Service Pack 2, is widely known and has been well documented in the past.

What this paper will attempt to explain is how other functionality of the heap management code can be used to gain execution control after a chunk header has been overwritten. In particular, this paper takes a look at exploiting freelist[0] overwrites.

It can currently be downloaded from our website: http://www.security-assessment.com/tech-1.htm

Brett Moore
Network Intrusion Specialist, CTO
Security-Assessment.com