COM object fuzzing with AxMan is one of the easier ways to find new vulnerabilities
today. Download it and give it a try!
References
AxMan homepage http://metasploit.com/users/hdm/tools/axman/
ADODB.Connection security bulletin www.microsoft.com/technet/security/Bulletin/MS07-009.mspx
Heap Spray to Exploit
Back in the day, security experts believed that buffer overruns on the stack were exploitable,
but that heap-based buffer overruns were not. Then techniques emerged that made
oversized writes into heap memory exploitable for code execution. Even so,
some people still believed that crashes caused by a component jumping into uninitialized
or bogus heap memory were not exploitable. That changed with the introduction
of InternetExploiter by a hacker named Skylined.
InternetExploiter
How would you control execution of an Internet Explorer crash that jumped off into
random heap memory and died? That was probably the question Skylined asked himself
in 2004 when trying to develop an exploit for the IFRAME vulnerability that was
eventually fixed with MS04-040. The answer is that you would make sure the heap location
jumped to is populated with your shellcode or a nop sled leading to your shellcode.
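As an added defensive illustration (not code from the book or from Skylined's tool), here is a small Python heuristic that flags script text showing the two ingredients just described: a long run of one repeated byte (a NOP sled) decoded from unescape() literals, and a loop that fills many heap blocks with it. The thresholds and the two sample scripts are constructed assumptions, not published detection rules.

```python
import re

# Heuristic static check for heap-spray-style JavaScript (added example).
# Thresholds below are assumptions chosen for illustration.
UNESCAPE_RE = re.compile(r'unescape\(\s*"((?:%u[0-9a-fA-F]{4})+)"\s*\)')
LOOP_RE = re.compile(r'for\s*\([^;]*;\s*\w+\s*<\s*(\d+)\s*;')

def decode_unescape(literal):
    """Turn a %uXXXX%uYYYY literal into the little-endian bytes it yields."""
    out = bytearray()
    for code in re.findall(r'%u([0-9a-fA-F]{4})', literal):
        out += int(code, 16).to_bytes(2, 'little')
    return bytes(out)

def longest_repeat_run(data):
    """Length of the longest run of a single repeated byte value (sled-like)."""
    best = run = 0
    for i, b in enumerate(data):
        run = run + 1 if i and b == data[i - 1] else 1
        best = max(best, run)
    return best

def heap_spray_indicators(js, sled_min=64, loop_min=100):
    """Summarise sled length and loop size; flag when both look spray-like."""
    literals = [decode_unescape(m) for m in UNESCAPE_RE.findall(js)]
    sled = max((longest_repeat_run(d) for d in literals), default=0)
    big_loop = max((int(n) for n in LOOP_RE.findall(js)), default=0)
    return {
        "unescape_literals": len(literals),
        "longest_sled_bytes": sled,
        "largest_loop_bound": big_loop,
        "suspicious": sled >= sled_min and big_loop >= loop_min,
    }

# Constructed samples: an ordinary snippet and one with spray-like structure.
BENIGN = 'var s = unescape("%u0041%u0042"); for (var i = 0; i < 3; i++) { s += "!"; }'
SPRAY_LIKE = ('var sled = unescape("' + "%u9090" * 40 + '");\n'
              'var blocks = []; for (var i = 0; i < 500; i++) { blocks[i] = sled + sled; }')

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("spray-like", SPRAY_LIKE)):
        print(name, heap_spray_indicators(src))
```

Real detectors also watch runtime behaviour (memory growth, many identical large allocations), which a text heuristic like this cannot see.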