ForAllSecure targeted Disekt running KPRCA_00065 in round 33.


Type 1 POV

eip:0xe03443e - ebp:0x8eaa7b55


Execution control corruption via return (return to: 0xbaaaaedc).

Tracing data from eip: 0x804ac7c tracing source of memory: 0xbaaaaedc (value: 0xbaaaaf2c)

0x804c6f3 : receive syscall (return)
0x804ac5e : mov dl,byte ptr [ecx+eax]
0x804ac67 : mov byte ptr [ecx+eax],dl
0x804ac7c: ret // address: 0xbaaaaedc value: 0xbaaaaf2c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf2c tracing source of memory: 0xbaaaaf2c (value: 0xc3a4618b)

0x804c6f3 : receive syscall (return)
0x804ac5e : mov dl,byte ptr [ecx+eax]
0x804ac67 : mov byte ptr [ecx+eax],dl
0xbaaaaf2c: mov esp,dword ptr [ecx-0x5c] // address: 0xbaaaaf2c value: 0xc3a4618b

Negotiated general register: ebp:0x8eaa7b55

Tracing data from eip: 0x8048ea7 tracing source of register: ebp (value: 0x8eaa7b55)

0x804c6f3 : receive syscall (return)
0x8048ea6 : pop ebp
0x8048ea7: ret // address: ebp value: 0x8eaa7b55

Curated by Lunge Technology, LLC.