 |
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 15:19
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 3 posts ] |
|
| Author |
Message |
|
aluigi
|
Post subject: First vulnerability in the Doom 3 engine  Posted: 01 Oct 2007 18:47 |
|
Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
|
|
| Top |
|
 |
|
Sethioz
|
Post subject: Posted: 02 Oct 2007 11:14 |
|
Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
|
|
nice discovery. ..so basically its something like buffer overflow ?
i dont have any of those games anymore...
|
|
| Top |
|
|
|
aluigi
|
Post subject: Posted: 02 Oct 2007 11:38 |
|
Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
|
|
A format string allows code execution so, although it's different than buffer-overflow (aaaaaaa...aaaa), it has the same final effect.
In C there are the functions of the *printf family in which you can specify a string (called format argument or string) that is used to show numbers in hex format, or in decimal format, or parts of text strings and so on: %s %n %f %c %d %u %o and so on.
When this format argument is missed the user supplied string will be used as format allowing the attacker to take control of the stack.
|
|
| Top |
|
|
|
|
Page 1 of 1
|
[ 3 posts ] |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
|
|
