by Julien Ahrens | Friday, November 9, 2012 | Exploit
My last advisory IA42 “Zoner Photo Studio v15 Build3 (Zps.exe) Registry Value Parsing Local Buffer Overflow” looks like a generally exploitable vulnerability, but it is quite interesting to exploit because there is a major memory protection in use: SafeSEH....
by Julien Ahrens | Sunday, September 23, 2012 | Exploit
First of all… thanks b33f from fuzzysecurity.com for your hint, which helped a lot in solving the reliability issue of my last exploit 🙂! In my last article I wrote about a missing reliable way of executing shellcode. I received a mail from b33f about the...
by Julien Ahrens | Sunday, September 16, 2012 | Exploit
My latest finding: a classic buffer overflow. And this time I’ve used the great mona.py script created by the corelan team to exploit the vulnerability. It helps to find memory addresses for all of your stack adjustment needs (besides this, the script...
by Julien Ahrens | Monday, July 2, 2012 | Exploit
My latest finding: Photodex ProShow Producer v5.0.3256 Local Buffer Overflow Vulnerability. And… just a very, very, very quick and not reliable way of exploiting the vulnerability to execute some code. I’m working on a nicer (better) solution 🙂...
by Julien Ahrens | Wednesday, March 21, 2012 | Advisory, Exploit, RCE
This time I’ve found a more critical vulnerability with a CVSSv2 score of 7.5, coordinated by Secunia.com, which has already been published on 2012-03-01, but due to a very unfortunate way of communication by Secunia, I haven’t been informed about the...
by Julien Ahrens | Friday, December 16, 2011 | Exploit
Another possible way to jump to shellcode is using the PUSH ESP, RET technique. If you’ve got no usable CALLs or JMPs to ESP for some reason, you can first use a PUSH ESP to put the address of ESP onto the stack and after that RET that value into EIP. So this...