Re: WordPad/riched20.dll buffer overflow

From: Gerardo Richarte (core.lists.bugtraq@CORE-SDI.COM)
Date: Wed Nov 24 1999 - 10:14:10 PST

    Solar Eclipse wrote:
    
    > When I tried this, I found out that code CAN be executed on the heap,
    > although the heap descriptor has no execute permissions. I don't know
    > why. If somebody can confirm this it would be great.
    
        I remember reading something about this in a book named Windows NT Device
    Driver Development, let me check it out...
        Ok, here it is, on page 58, it's talking about Access Control of virtual
    pages, and it says, literally, if a page can be read, it can be executed. I
    remember that this caught my attention for some days, then I forgot about it, until
    you mentioned it.
    
        richie
    
    --
    A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
    Investigacion y Desarrollo - CoreLabs - Core SDI
    http://www.core-sdi.com
    
    
    --- For a personal reply use gera@core-sdi.com
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:14:16 PDT