[Bug 46661] ISF_Desktop_fnGetDisplayNameOf function missing check for string variable This->sPathTarget before copy it

wine-bugs at winehq.org wine-bugs at winehq.org
Tue Feb 19 02:04:00 CST 2019


https://bugs.winehq.org/show_bug.cgi?id=46661

--- Comment #9 from ossecurity <ossecurity at iscas.ac.cn> ---
Hi, Zebediah

Thank you for your reply. I'm a novice when it comes to attack methods.
What do you mean by much easier ways? Could you please provide some examples?
Names or website links are all helpful for me.

By the way, I think the error happened in a DLL of Wine, so it is different from
bugs in a win32 application. Does the place where the error is triggered make any difference?


------------------------------------------
I uploaded a log file and a sample test.
In this test case, we tamper with 'sPathTarget', setting it to 'NULL', and trigger a 'NULL
pointer dereference'. (A buffer overflow can be triggered in a similar way, but we
do not provide it for the moment.)

DoInjection.exe and MfcHookApi.dll were created using a classic injection
technique.
(The first technique summarized on this website:
[https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process])

Hope this can help, and thanks for your patience. 

Ke Yang
