begood

[0-day] Safari 4.0.5 parent.close() Memory Corruption exploit (w/ASLR and DEP bypass)


# Title: Safari 4.0.5 parent.close() Memory Corruption exploit (w/ASLR and DEP bypass)

# EDB-ID: 12614

# CVE-ID: ()

# OSVDB-ID: ()

# Author: Alexey Sintsov

# Published: 2010-05-15

# Verified: no


Download:

http://www.exploit-db.com/sploits/safari_parent_close_sintsov.zip

Unzip and run START.htm

This exploit uses JIT-SPRAY for DEP and ASLR bypass.

jit-shellcode: system("notepad")

0day.html - use 0x09090101 address for CALL JITed shellcode.

START.htm -> iff.htm -> if1.htm -> 0day.html
                |                     |
                |                     |
            JIT-SPRAY           parent.close();

0x09090101 - JITed   *   ESI=0x09090101
shellcode            *   CALL ESI

By Alexey Sintsov

from

Digital Security Research Group

www.dsecrg.com
