Irregular Expressions

Apr 25 2010   11:08PM GMT

MS10-025 And Buffer Overflows

Dan O'Connor Dan O'Connor Profile: Dan O'Connor

The MS10-025 update has been retracted, MS states that it “does not address the underlying issue” .

MS10-025 is a Windows Server 2000 SP4 Windows media services Stack-based buffer overflow. Both are the same concept, but Stack vs Heap referrers to where the overflow occurred.

A Heap overflow takes place in a dynamically allocated section of memory, for those of you that can understand c it would be a variable crated with the “malloc” function. Heap memory is allocated at run time ( dynamic ).

char *buff = malloc(10);

Stack overflows take place in static variables ( set at compile time ). Again if you can read c and if you cannot this will look familiar.

char buff[10];

Either one is exploited by the same technique, sending more data then the buffer can hold.

Here is the technical write up at US-Cert.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: