[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Status of Netscape Bug Exploit (suggestions needed)

To: Ray Cromwell <[email protected]>
Subject: Re: Status of Netscape Bug Exploit (suggestions needed)
From: "Rev. Mark Grant" <[email protected]>
Date: Wed, 27 Sep 1995 15:55:30 +0100 (BST)
Cc: [email protected]
Sender: [email protected]


Couldn't you either create the address in a register, and then do an 
indirect jump through the register, or push it onto the stack and do a 
ret ? You could do something like 

	mov ecx, address + 01010101
	sub ecx, 01010101
	jmp [ecx]

I'm not certain of the format for BSDI assembler, but I presume that's 
possible. You could modify the value you add and subtract to make sure 
there are no netscape-invalid bytes in the compiled code.

	Mark

Prev by Date: Re: NO weak links in DigiCash system!!!
Next by Date: [ PROPOSED NEW STANDARD ] "I-like-encrypted-mail" tag
Prev by thread: Status of Netscape Bug Exploit (suggestions needed)
Next by thread: Time Keys, Some Secure Ideas (by Alias: Jay Hyden)
Index(es):
- Date
- Thread