ForAllSecure targeted Disekt running KPRCA_00065 in round 34.


Type 1 POV

eip:0x9186d137 - ebx:0xf312b5f8


Execution control corruption via return (return to: 0xbaaaaedc).

Tracing data from eip: 0x804ac7c tracing source of memory: 0xbaaaaedc (value: 0xbaaaaf2c)

0x804c6f3 : receive syscall (return)
0x804ac5e : mov dl,byte ptr [ecx+eax]
0x804ac67 : mov byte ptr [ecx+eax],dl
0x804ac7c: ret // address: 0xbaaaaedc value: 0xbaaaaf2c

Execution of memory occurred that was not part of the initial text sections or an executably allocated page.

Tracing data from eip: 0xbaaaaf2c tracing source of memory: 0xbaaaaf2c (value: 0xc3a4618b)

0x804c6f3 : receive syscall (return)
0x804ac5e : mov dl,byte ptr [ecx+eax]
0x804ac67 : mov byte ptr [ecx+eax],dl
0xbaaaaf2c: mov esp,dword ptr [ecx-0x5c] // address: 0xbaaaaf2c value: 0xc3a4618b

Negotiated general register: ebx:0xf312b5f8

Tracing data from eip: 0x804c6d7 tracing source of register: ebx (value: 0xf312b5f8)

0x804c6f3 : receive syscall (return)
0x804c6d6 : pop ebx
0x804c6d7: ret // address: ebx value: 0xf312b5f8

Curated by Lunge Technology, LLC.