The technique described in this paper allowed for
reliable exploitation of a buffer overflow that initially had no
predictable and interesting data to overwrite. While some attacker
control is necessary, such as allocation size, overflow size, and
overflow data, this technique should be applicable to other
browser vulnerabilities when the attacker has access to
JavaScript. We suspect that similar techniques may be applicable
given access to other client-side scripting languages.
jake
2008-07-14