Just wondering what means?

Discussion in 'other anti-malware software' started by Wordward, Oct 29, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Actually it isn't. :D
     
  3. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is not about security flows, it is about programming flaws that may lead to BSOD's.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    From article

    Generally, there is no common pattern for exploiting these bugs. An invalid memory read will only produce a BSOD. However, some special cases of missing ProbeForWrite validation can certainly be exploited and may lead to a privilege escalation or even a local root exploit. For example, a missing parameter validation on an OUT PHANDLE argument may, in some cases, be exploited to bypass system's security checks or modify kernel objects. The outcoming value of a newly opened handle can be predicted and if we set this parameter to point somewhere in the kernel, for example inside the kernel structures or a carefully selected address inside kernel code, we can alter the code flow and bypass access checks.

    As I understand it, because XP does not use address space randomisation, an incorrect error handling could result to a 'logic drop through'. When the writer of the malware would know where to point to he/she could get access to the kernel even with limited user rights. Most of the exceptions would lead to BSOD/other exceptions as Ilya points out.

    Looks quite theoretical to me, because it requires a lot of research and trial on error to make this work (no common pattern to exploit these [program] bugs). If I was a hacker I would direct this to companies in stead of ordinary PC users when putting so much effort into code like this.

    Regards Kees
     
    Last edited: Oct 30, 2007
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.