We've now had the opportunity to do some testing on different hosts/configurations... the results differed from ours but yet still provided exploitable conditions. The breaks this time were during calls to RtlAllocateHeap and RtlFreeHeap - with careful register manipulation it is STILL possible to execute custom code. More detailed info later. -dark spyrit.
This archive was generated by hypermail 2b30 : Sat Apr 28 2001 - 09:54:16 PDT