25 October 2012

Canon Netspot Console Heap Overflow



WinDbg output:

(The crash is a first-chance access violation inside ntdll!RtlAllocateHeap: the faulting instruction dereferences eax, which holds 0xcccccccc, and edi holds the same value. The surrounding instructions look like a doubly-linked free-list unlink with safe-unlink checks, which points to corrupted heap metadata; the dump alone does not show whether the 0xcccccccc pattern originates from the overflowed data, so exploitability beyond a crash is not established here.)


First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=cccccccc ebx=00390000 ecx=01317ae8 edx=00390378 esi=01317ae0 edi=cccccccc
eip=7c910cce esp=0114fbbc ebp=0114fddc iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
ntdll!RtlAllocateHeap+0x567:
7c910cce 8b10            mov     edx,dword ptr [eax]  ds:0023:cccccccc=????????
0:002> u 7c910cce
ntdll!RtlAllocateHeap+0x567:
7c910cce 8b10            mov     edx,dword ptr [eax]
7c910cd0 3b5704          cmp     edx,dword ptr [edi+4]
7c910cd3 0f85505c0200    jne     ntdll!RtlAllocateHeap+0x579 (7c936929)
7c910cd9 3bd1            cmp     edx,ecx
7c910cdb 0f85485c0200    jne     ntdll!RtlAllocateHeap+0x579 (7c936929)
7c910ce1 8938            mov     dword ptr [eax],edi
7c910ce3 894704          mov     dword ptr [edi+4],eax
7c910ce6 3bf8            cmp     edi,eax

