|
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 12:00
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 3 posts ] |
|
Author |
Message |
aluigi
|
Post subject: First vulnerability in the Doom 3 engine Posted: 01 Oct 2007 18:47 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
|
Top |
|
|
Sethioz
|
Post subject: Posted: 02 Oct 2007 11:14 |
|
Joined: 24 Sep 2007 02:12 Posts: 1114 Location: http://sethioz.co.uk
|
nice discovery. ..so basically its something like buffer overflow ?
i dont have any of those games anymore...
|
|
Top |
|
|
aluigi
|
Post subject: Posted: 02 Oct 2007 11:38 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
A format string allows code execution so, although it's different than buffer-overflow (aaaaaaa...aaaa), it has the same final effect.
In C there are the functions of the *printf family in which you can specify a string (called format argument or string) that is used to show numbers in hex format, or in decimal format, or parts of text strings and so on: %s %n %f %c %d %u %o and so on.
When this format argument is missed the user supplied string will be used as format allowing the attacker to take control of the stack.
|
|
Top |
|
|
|
Page 1 of 1
|
[ 3 posts ] |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|