The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.04 - July-Aug. (2012 vol.10)
pp: 82-84
Chris Valasek , Coverity
ABSTRACT
Attackers can gain unauthenticated remote control of the program counter through CVE-2010-3972, a vulnerability in Microsoft's Internet Information Services FTP 7.5. This example of primitive chaining shows that attackers can combine information about the operating system, application, and vulnerability to create a viable exploit.
INDEX TERMS
computer security, exploitation primitives, primitive chaining, Microsoft IIS FTP 7.5
CITATION
Chris Valasek, "Primitive-Chaining Exploits: A Real-World Example", IEEE Security & Privacy, vol.10, no. 4, pp. 82-84, July-Aug. 2012, doi:10.1109/MSP.2012.105
REFERENCES
1. “CVE-2010-3972,” Mitre, 2012; http://cve.mitre.org/cgi-bincvename.cgi?name=CVE-2010-3972 .
2. N. Lala, “Assessing an IIS FTP 7.5 Unauthenticated Denial of Service Vulnerability,” blog, Microsoft, 22 Dec. 2010; http://blogs.technet.com/b/srd/archive/2010/ 12/22assessing-an-iis-ftp-7-5-unauthenticated-denial-of-service-vulnerability.aspx .
3. C. Valasek, “Understanding the Low Fragmentation Heap,” 2010; http://illmatics.comUnderstanding_the_LFH.pdf .
4. Aleph One, “Smashing the Stack for Fun and Profit”; http://insecure.org/stfsmashstack.html.
5. redpantz, “The Art of Exploitation: Exploiting MS11-004 Microsoft IIS 7.5 Remote Heap Buffer Overflow,” Phrack, no. 68, 2012; www.phrack.orgissues.html?issue=68&id=12 .
38 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool