Monday 12 April 2010 - A little return oriented exploitation on Windows x86 (Part 1)
Overview
This post will take a look at how Return Oriented Programming (ROP) can be used on x86 Windows in order to bypass DEP and gain arbitrary code execution. The example I will use is from an exploit I wrote last year for a stack based buffer overflow I found in the Sun Java Virtual Machine which was recently patched and disclosed by TippingPoint's ZDI. (ZDI-10-061). Part 2 of this blog post will look at an experimental compiler convention that aims to mitigate return oriented attacks such as the one presented here.
