ForAllSecure targetted CSDS running CROMU_00064 in round 5.


Type 2 POV

Reading from protected address: 0x4347ca34

0xbaaaabd4 : mov ecx,dword ptr [edi-0x3f9791e]

Execution control corruption via return (return to: 0xbaaaac58).

Tracing data from eip: 0x80494a2 tracing source of memory: 0xbaaaac58 (value: 0xbaaaabcf)

0x804ffce : receive syscall (return)
0x80494a2: ret // address: 0xbaaaac58 value: 0xbaaaabcf

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaabcf tracing source of memory: 0xbaaaabcf (value: 0x414352bf)

0x804ffce : receive syscall (return)
0xbaaaabcf: mov edi,0x47414352 // address: 0xbaaaabcf value: 0x414352bf

Curated by Lunge Technology, LLC. Questions or comments? Send us email