Multiple application-layer technologies exist to prevent exploitation of stack-overflow conditions. A paper describing a number of new weaknesses in these technologies has recently been published. The weakness described in this report is a lack of protection for function parameters. Programs compiled with StackGuard, StackShield, or the Microsoft Visual C++ .NET /GS option are affected. When a stack overflow occurs, it is often possible for the attacker to overwrite data beyond the procedure activation record. In typical Intel C programs, the data pushed on the stack before the return address when a procedure is invoked comprises its arguments. Because those arguments sit close to the overflowed buffer on the stack, an attacker is often able to corrupt them. Under specific circumstances, this may result in the ability to write almost anywhere in memory.
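The timing problem described above, shown as an added example that is not part of the original advisory or of any of the named products: a function that uses a pointer argument after an unbounded copy acts on the corrupted argument before the return-time check runs. The frame layout, canary value, `run_frame` and the simulated `mem` array are constructed assumptions; the frame is modelled in a byte array so the result does not depend on a particular compiler's real stack layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-bit frame, low to high address:
   buf[16] | canary | saved frame pointer | return address | argument dst */
enum { BUF = 0, CANARY = 16, SAVED_FP = 20, RET = 24, ARG_DST = 28, FRAME = 32 };
#define CANARY_VALUE 0xA5C3F00Du /* constructed value */
#define MEM_SIZE 64              /* simulated writable memory */

struct result { int canary_tripped; int write_done; uint32_t dst_used; };

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }

/* Models: void f(char *dst) { char buf[16]; copy(buf, input); *dst = buf[0]; } */
struct result run_frame(const uint8_t *input, size_t len, uint32_t dst, uint8_t *mem)
{
    uint8_t frame[FRAME] = {0};
    struct result r = {0, 0, 0};

    wr32(frame + CANARY, CANARY_VALUE);  /* prologue places the canary */
    wr32(frame + ARG_DST, dst);          /* caller pushed the argument */

    if (len > FRAME) len = FRAME;        /* keeps the model itself memory safe */
    memcpy(frame + BUF, input, len);     /* copy not bounded by buf's 16 bytes */

    r.dst_used = rd32(frame + ARG_DST);  /* body reads the argument from the frame */
    if (r.dst_used < MEM_SIZE) {         /* ...and writes through it */
        mem[r.dst_used] = frame[BUF];
        r.write_done = 1;
    }
    /* epilogue: the canary is only compared here, after the write */
    r.canary_tripped = (rd32(frame + CANARY) != CANARY_VALUE);
    return r;
}

int main(void)
{
    uint8_t mem[MEM_SIZE] = {0}, in[FRAME];
    memset(in, 'A', sizeof in);
    wr32(in + ARG_DST, 40);              /* constructed overlong input */
    struct result r = run_frame(in, sizeof in, 5, mem);
    printf("tripped=%d dst_used=%u mem[5]=%u mem[40]=%u\n",
           r.canary_tripped, (unsigned)r.dst_used, mem[5], mem[40]);
    return 0;
}
```

In the overlong case the check does fire, but the write through the corrupted argument has already completed, which is why a check made only at function return does not cover parameters.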