Safari 4.0.5 Memory Corruption (w/ASLR and DEP bypass) Exploit

2010-05-16 09:04:00

Download:
http://www.hack0wn.com/filedesc/sploits/1569.zip

Unzip and run START.htm

This exploit use JIT-SPRAY for DEP and ASLR bypass.
jit-shellcode: system("notepad")

0day.html - use 0x09090101 address for CALL JITed shellcode.


START.htm -> iff.htm -> if1.htm -> 0day.html
| |
| |
JIT-SPRAY parent.close();
0x09090101 - JITed * ESI=0x09090101
shellcode * CALL ESI

By Alexey Sintsov
from
Digital Security Research Group

[www.dsecrg.com]

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.