Just wondering what means?

Discussion in 'other anti-malware software' started by Wordward, Oct 29, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

  2. LUSHER

    LUSHER Registered Member

    Actually it isn't. :D
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    It is not about security flaws; it is about programming flaws that may lead to BSODs.
     
  4. Kees1958

    Kees1958 Registered Member

    From the article:

    Generally, there is no common pattern for exploiting these bugs. An invalid memory read will only produce a BSOD. However, some special cases of missing ProbeForWrite validation can certainly be exploited and may lead to a privilege escalation or even a local root exploit. For example, a missing parameter validation on an OUT PHANDLE argument may, in some cases, be exploited to bypass the system's security checks or modify kernel objects. The outcoming value of a newly opened handle can be predicted, and if we set this parameter to point somewhere in the kernel, for example inside the kernel structures or a carefully selected address inside kernel code, we can alter the code flow and bypass access checks.

    As I understand it, because XP does not use address space randomisation, incorrect error handling could result in a 'logic drop through'. When the writer of the malware knows where to point to, he/she could get access to the kernel even with limited user rights. Most of the exceptions would lead to a BSOD/other exceptions, as Ilya points out.

    Looks quite theoretical to me, because it requires a lot of research and trial and error to make this work (no common pattern to exploit these [program] bugs). If I were a hacker I would direct this at companies instead of ordinary PC users when putting so much effort into code like this.

    Regards Kees
     
    Last edited: Oct 30, 2007
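The quoted article describes a driver or system-call handler that writes a freshly opened handle through an OUT PHANDLE pointer without first validating that the pointer lies in user space. The following is an added illustration, not code from the article or from any poster in this thread: a small user-land model of such a handler in its unchecked and checked forms. The simulated memory, the user/kernel split address (USER_SPACE_LIMIT), the status codes and the probe_for_write helper are all assumptions made for the model; the real Windows ProbeForWrite additionally checks alignment and raises an exception inside a __try/__except block rather than returning a value.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: a flat 4 KiB "address space" split into a user part
 * (below USER_SPACE_LIMIT) and a kernel part (at or above it). These
 * numbers are assumptions for the example, not real Windows values. */
#define SIM_MEM_SIZE     0x1000u
#define USER_SPACE_LIMIT 0x0800u

typedef uint32_t addr_t;
typedef uint32_t handle_t;

enum status { STATUS_SUCCESS = 0, STATUS_ACCESS_VIOLATION = 1, STATUS_UNMAPPED = 2 };

static uint8_t sim_mem[SIM_MEM_SIZE];

void reset_sim_mem(void) { memset(sim_mem, 0, sizeof sim_mem); }

/* Analogue of the ProbeForWrite range test: the whole span [addr, addr+len)
 * must lie below USER_SPACE_LIMIT, and addr + len must not wrap around.
 * The subtraction form avoids computing addr + len at all. */
int probe_for_write(addr_t addr, size_t len)
{
    if (len == 0) return 1;
    if (addr >= USER_SPACE_LIMIT) return 0;                  /* starts in kernel space */
    if (len > (size_t)(USER_SPACE_LIMIT - addr)) return 0;   /* crosses into kernel or wraps */
    return 1;
}

/* Raw write into the model. In a real kernel a write to an unmapped page
 * is the fault that produces the BSOD the thread talks about; here it is
 * reported as a status so the model stays runnable. */
static enum status write_word(addr_t addr, uint32_t value)
{
    if (addr > SIM_MEM_SIZE - sizeof value) return STATUS_UNMAPPED;
    memcpy(sim_mem + addr, &value, sizeof value);
    return STATUS_SUCCESS;
}

uint32_t read_word(addr_t addr)
{
    uint32_t v = 0;
    if (addr <= SIM_MEM_SIZE - sizeof v) memcpy(&v, sim_mem + addr, sizeof v);
    return v;
}

/* Vulnerable pattern from the article: the OUT PHANDLE argument is trusted,
 * so a caller can aim the handle value at a kernel address. */
enum status open_object_unchecked(addr_t out_handle, handle_t new_handle)
{
    return write_word(out_handle, new_handle);
}

/* Hardened pattern: validate the caller-supplied pointer before writing. */
enum status open_object_checked(addr_t out_handle, handle_t new_handle)
{
    if (!probe_for_write(out_handle, sizeof(handle_t)))
        return STATUS_ACCESS_VIOLATION;
    return write_word(out_handle, new_handle);
}
```

The two cases worth checking are the obvious one (a pointer that starts in kernel space) and the boundary one (a pointer a few bytes below the limit, so that the write would straddle it); the checked handler must refuse both, while the unchecked handler happily overwrites the kernel word.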