Windows "DbgHelp.dll" Export name stack overflow vulnerability
 palaniyappan (dragula) <reverselibrary gmail com> |
Wednesday, November 10 2010 05:35.05 CST |
Malwares are exploiting this vulnerability to protect their code from debugging...
This link has pretty good information about this vulnerability.
http://foolishpages.blogspot.com/2010/11/windows-dbghelpdll-export-name-stack.html
Comments
 j00ru |
Posted: Wednesday, November 10 2010 10:52.46 CST |
|
Hmm... just a lil bit similar to these ones: http://www.openrce.org/blog/view/1369/Old_dbghelp_and_an_old_exploit... http://forum.tuts4you.com/index.php?showtopic=16445 |
|
 dragula |
Posted: Thursday, November 11 2010 00:01.25 CST |
|
@j00ru: Yeah you are right.. |
|
|
palaniyappan |
Posted: Saturday, January 8 2011 06:57.37 CST |
|
Most of the OS executables use this dll internally while loading the executables.. still XP is extremely vulnerable to this attack. But in vista and 7 this problem doesn't exist. |
|