superuser5 / google-security-research

Automatically exported from code.google.com/p/google-security-research
0 stars 0 forks source link

ESET NOD32 emulator fails if you modify .idata after imports #470

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
If you import _encode_pointer from MSVCR90 and then modify the IAT in your 
code, the emulator gets very confused.

Verify like so:

$ nasm -f bin modifyidata.asm -o modifyidata
$ esets_scan modifyidata
Segmentation Fault

This seems likely to be remotely exploitable.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by tav...@google.com on 30 Jun 2015 at 10:04

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by scvi...@google.com on 1 Jul 2015 at 2:42

GoogleCodeExporter commented 9 years ago
ESET report that this vulnerability was fixed in version 1156, and had already 
been discovered via internal testing.

It's my understanding that the fix was rolled out the same day I had reported 
it.

Original comment by tav...@google.com on 1 Jul 2015 at 5:03