Hi, I am new to this forum; I hope this topic is in the right place.
Have a look at this URL:
http://buzzworld.org/published.html
There is an entry called:
APS018
Microsoft GDI WMF Parsing Heap Overflow Vulnerability
Sebastian said:
the "best" exploitation vector is a browser since we can make use of heap spraying to get
fairly reliable code execution.
I searched for an exploit using this method but I found nothing. How can we invoke an API like that in a browser environment?
Is any GDI API invocable in a browser environment?
Is any Windows API invocable in a browser environment?
(It makes no sense; using LoadLibraryA or GetProcAddress or CreateProcess can be dangerous.)
Fast response appreciated.







