ForAllSecure targeted DeepRed running CROMU_00073 in round 23.


Type 1 POV

eip:0xdc15f652 - eax:0x5cd5320a


Execution control corruption via return (return to: 0xbaaaaf28).

Tracing data from eip: 0x80482c6 tracing source of memory: 0xbaaaaf28 (value: 0xbaaaaef6)

0x805027d : receive syscall (return)
0x80483b7 : mov dl,byte ptr [ecx+eax]
0x80483c7 : mov byte ptr [ecx+eax],dl
0x80482c6: ret // address: 0xbaaaaf28 value: 0xbaaaaef6

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaef6 tracing source of memory: 0xbaaaaef6 (value: 0xd5320ab8)

0x805027d : receive syscall (return)
0x80483a3 : mov dl,byte ptr [ecx+eax]
0x80483ad : mov byte ptr [ecx+eax],dl
0xbaaaaef6: mov eax,0x5cd5320a // address: 0xbaaaaef6 value: 0xd5320ab8

Negotiated general register: eax:0x5cd5320a

Tracing data from eip: 0xbaaaaf00 tracing source of register: eax (value: 0x5cd5320a)

0xbaaaaef6 : mov eax,0x5cd5320a
0xbaaaaf00: jmp ecx // address: eax value: 0x5cd5320a

Curated by Lunge Technology, LLC.