Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Double Free in IE leads to RCE- 122

Zero Day Initiative Posted 6 Years Ago
  • A double-free vulnerability occurs when the same pointer is freed twice. The freed block can then be handed out by two later allocations, leaving two live pointers to the same memory.
  • The Windows heap manager has built-in support for ensuring that this cannot happen. However, the mitigation can be bypassed by exploiting a race condition in the allocation process.
  • Making the exploit consistent was the most difficult part: to widen the window for the race condition, the author allocated more and more style tags (buying more time).
  • Side note: Windows heap internals are super interesting! At this point, Windows has non-deterministic heap allocation, which prevents easy exploitation.
  • The concept of ‘spraying’ is very interesting: sending a ton of requests and simply hoping the right thing eventually happens.
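An added toy model of the first two bullets (my own illustration, not code from the ZDI post and not the Windows heap manager): a LIFO free list with no check hands the same block to two callers after a double free, while a free list that refuses pointers it already holds rejects the second free. All names and the pool layout are assumptions.

```c
#include <stddef.h>
/* Toy heap (hypothetical model, not the Windows heap manager): a pool of
 * equal-sized blocks plus a LIFO free list, like a simple fastbin. */
#define BLOCKS 4
static unsigned char pool[BLOCKS][32];
static void *free_list[BLOCKS * 2];  /* oversized so a double free fits */
static int free_top;                 /* entries on the free list */
static int next_fresh;               /* next never-used block in the pool */
void toy_reset(void) { free_top = 0; next_fresh = 0; }

/* Pop the most recently freed block; otherwise carve out a fresh one. */
void *toy_alloc(void) {
    if (free_top > 0) return free_list[--free_top];
    if (next_fresh < BLOCKS) return pool[next_fresh++];
    return NULL;
}

/* Unchecked free: a heap with no double-free protection just pushes. */
void toy_free_unchecked(void *p) {
    if (free_top < BLOCKS * 2) free_list[free_top++] = p;
}

/* Checked free: reject a pointer already on the free list (-1), else push (0). */
int toy_free_checked(void *p) {
    for (int i = 0; i < free_top; i++)
        if (free_list[i] == p) return -1;
    if (free_top >= BLOCKS * 2) return -1;
    free_list[free_top++] = p;
    return 0;
}

/* Bullet 1: after a double free, two later allocations alias one block (returns 1). */
int demo_unchecked_alias(void) {
    toy_reset();
    void *a = toy_alloc();
    toy_free_unchecked(a);
    toy_free_unchecked(a);             /* same pointer freed twice */
    void *x = toy_alloc();
    void *y = toy_alloc();
    return x == y;                     /* two owners of the same memory */
}

/* Bullet 2: with the check, the second free of the same pointer is rejected. */
int demo_checked(void) {
    toy_reset();
    void *a = toy_alloc();
    int first = toy_free_checked(a);   /* 0: accepted */
    int second = toy_free_checked(a);  /* -1: rejected as a double free */
    return first == 0 && second == -1;
}
```

The race the post describes sits between the check in toy_free_checked and the push that follows it; a real heap must make that pair atomic, which this single-threaded model does not attempt.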