understanding old vul ms08-067


I am trying to understand how the very old vulnerability MS08-067 works. I found a code example at http://www.phreedom.org/blog/2008/decompiling-ms08-067/.

Debugging this code shows me that the function below could overrun the stack:

wcscpy(previous_slash, &p[2]);

The screenshot below shows the status of the local variables when the overflow happens:


What confuses me is: wcscpy copies the content from &p[2] to previous_slash, and &p[2] is part of previous_slash, so its length is shorter. How could the overflow happen when the content that triggers the overflow is shorter than the length of the dst buffer?

Tags: security, c++, windows | Asked 2017-01-07 12:01 | 0 answers
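An added example, written for this page and not taken from the question or from the linked article, isolating the part of the logic the question is about. wcscpy writes starting at whatever address previous_slash holds, so the bound that matters for the copy is the range of addresses the backward scan for the previous separator can produce, not the length of the source string. The hypothetical canonicalize_path below collapses "\..\" segments the same way (copying the remainder of the path down to the previous separator) but stops the backward scan at the start of the buffer, rejects paths that would climb above the root or have no earlier separator, and uses wmemmove with an explicit length because source and destination overlap. Function names and test paths are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Hypothetical hardened canonicaliser (added example, not the MS08-067 code).
 * Removes "\..\" segments in place. Returns false instead of moving the
 * destination pointer outside [path, path + wcslen(path)]. */
bool canonicalize_path(wchar_t *path)
{
    wchar_t *p = path;
    while (*p != L'\0') {
        /* Match "\..\" or a trailing "\.." */
        bool dotdot = p[0] == L'\\' && p[1] == L'.' && p[2] == L'.' &&
                      (p[3] == L'\\' || p[3] == L'\0');
        if (!dotdot) {
            p++;
            continue;
        }
        /* No component precedes this "\..": nothing to scan back to. */
        if (p == path)
            return false;

        /* Backward scan for the previous separator, bounded by the buffer
         * start. The destination of the copy is whatever this produces,
         * so this bound is what keeps the write inside the buffer. */
        wchar_t *previous_slash = p - 1;
        while (previous_slash > path && *previous_slash != L'\\')
            previous_slash--;
        if (*previous_slash != L'\\')
            return false;   /* relative path with no earlier separator */

        wchar_t *src = p + 3;        /* "\rest" or "" after the ".." */
        if (*src == L'\0') {
            previous_slash[0] = L'\\';   /* keep the root when ".." is last */
            previous_slash[1] = L'\0';
        } else {
            /* Overlapping regions: bounded move, not wcscpy. */
            wmemmove(previous_slash, src, wcslen(src) + 1);
        }
        p = previous_slash;
    }
    return true;
}

/* Helpers for checking results: copy a constructed path into a local
 * buffer, canonicalise it, and compare with the expected string. */
bool canon_equals(const wchar_t *in, const wchar_t *expected)
{
    wchar_t buf[128];
    if (wcslen(in) >= sizeof buf / sizeof buf[0])
        return false;
    wcscpy(buf, in);
    return canonicalize_path(buf) && wcscmp(buf, expected) == 0;
}

bool canon_rejects(const wchar_t *in)
{
    wchar_t buf[128];
    if (wcslen(in) >= sizeof buf / sizeof buf[0])
        return false;
    wcscpy(buf, in);
    return !canonicalize_path(buf);
}

int main(void)
{
    wchar_t demo[] = L"\\a\\b\\..\\..\\x";   /* constructed sample path */
    printf("%ls -> ", demo);
    if (canonicalize_path(demo))
        printf("%ls\n", demo);
    else
        printf("rejected\n");
    return 0;
}
```

The loop condition `previous_slash > path` is the whole difference between a copy that stays inside the buffer and one whose destination is decided by whatever memory precedes it: the source length in the question is irrelevant to that, because the write begins at previous_slash wherever it ends up.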
