I got a bug on Windows where userland code is freeing (heap block pointer + static offset). Never seen that before! How exploitable is this?
Not sure where you're going. Windows' heap allocator appears to detect it and terminates the process, even without page heap.
-
but I'm interested in whether anyone has seen this before and exploited it. It seems like a completely new class of bugs to me.
-
Okay, so it always crashes there, and you found a way to actually get that code executed.
-
I'd say it's a programming bug and QA never got that branch executed.
-
As for exploitation, it seems you'll have to first bypass the heap allocator's heap corruption detection.
-
In other words, good luck! ;)
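An added illustration of the detection the replies refer to, not code from the thread or from Windows itself: a toy allocator in C that stamps every block with a header whose checksum mixes in a per-heap secret key, then re-validates that header when the block is freed. The header layout, the fixed key value and the function names (checked_alloc, validate_block, checked_free, forge_header) are assumptions made for this example; the real Windows heap encodes its headers differently. The point it shows is the one the thread makes: freeing (block pointer + static offset) lands on bytes that were never stamped as a header, so validation fails and the allocator terminates the process, and forging a plausible header in user data only gets past the check if the attacker also knows the key, which is the "bypass heap corruption detection first" prerequisite.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy model of "validate the block header on free". This is an
 * illustration only; the field layout and checksum are assumptions and
 * are not the Windows heap's real encoded-header scheme.
 */
#define HDR_MAGIC 0xABCD1234u

typedef struct {
    uint32_t magic;   /* constant stamped at allocation time */
    uint32_t size;    /* user-visible size of the block */
    uint32_t flags;   /* bit 0 = block is in use */
    uint32_t check;   /* magic ^ size ^ flags ^ heap_key */
} block_hdr;

/* Per-heap secret. A real allocator picks this at random when the heap is
 * created; it is fixed here so the example is deterministic (assumption). */
static uint32_t heap_key = 0x5EC7E7u;

static uint32_t hdr_checksum(const block_hdr *h, uint32_t key) {
    return h->magic ^ h->size ^ h->flags ^ key;
}

/* Allocate n user bytes preceded by a stamped header; returns the user pointer. */
void *checked_alloc(size_t n) {
    block_hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->magic = HDR_MAGIC;
    h->size = (uint32_t)n;
    h->flags = 1;
    h->check = hdr_checksum(h, heap_key);
    memset(h + 1, 0, n);          /* user data starts zeroed */
    return h + 1;
}

/* 0 = the bytes before p are a genuine, in-use header.
 * -1 = corrupted or foreign pointer; a real allocator would raise
 *      STATUS_HEAP_CORRUPTION here and terminate the process. */
int validate_block(const void *p) {
    const block_hdr *h = (const block_hdr *)p - 1;
    if (h->magic != HDR_MAGIC) return -1;
    if (!(h->flags & 1)) return -1;
    if (h->check != hdr_checksum(h, heap_key)) return -1;
    return 0;
}

/* Free only after the header validates; returns 0 on success, -1 if rejected. */
int checked_free(void *p) {
    if (!p) return 0;
    if (validate_block(p) != 0) return -1;
    free((block_hdr *)p - 1);
    return 0;
}

/* Attacker-style forgery: write a fake header into the user data of a live
 * block so that (user + off) looks like the start of a block. guess_key is
 * what the attacker believes the per-heap key to be. */
void forge_header(void *user, size_t off, uint32_t guess_key) {
    block_hdr fake = { HDR_MAGIC, 16, 1, 0 };
    fake.check = hdr_checksum(&fake, guess_key);
    memcpy((char *)user + off - sizeof fake, &fake, sizeof fake);
}

int main(void) {
    char *p = checked_alloc(64);
    if (!p) return 1;
    printf("free(p)      validates: %d\n", validate_block(p));       /* 0 */
    printf("free(p + 24) validates: %d\n", validate_block(p + 24));  /* -1: no header there */
    forge_header(p, 24, 0);
    printf("forged, wrong key:      %d\n", validate_block(p + 24));  /* -1: checksum mismatch */
    forge_header(p, 24, heap_key);
    printf("forged, leaked key:     %d\n", validate_block(p + 24));  /* 0: detection bypassed */
    return checked_free(p);
}
```

Compile with any C99 compiler (for example `cc -std=c99 toy_heap.c`). The forgery path deliberately only calls validate_block, never checked_free, because a "successful" forged free would hand a non-allocator pointer to free(); in the real attack that is exactly the step that needs the key leak (or an allocator without keyed headers) before anything useful happens.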