Comments on: Microsoft !exploitable Extension Review http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/ Wed, 10 Mar 2010 01:49:48 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Opinimand http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-456 Opinimand Sun, 07 Mar 2010 04:24:21 +0000 http://www.snoop-security.com/blog/?p=6#comment-456 thank! thank!

]]> By: Pooredize http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-442 Pooredize Mon, 18 Jan 2010 09:59:58 +0000 http://www.snoop-security.com/blog/?p=6#comment-442 блин...писал-писал, а сообщение не отправилось и не сохранилось :) вообщем блог понравился. админу удачи в развитии. блин…писал-писал, а сообщение не отправилось и не сохранилось :) вообщем блог понравился. админу удачи в развитии.

]]> By: Pooredize http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-441 Pooredize Sat, 16 Jan 2010 08:42:35 +0000 http://www.snoop-security.com/blog/?p=6#comment-441 А мне блог понравился А мне блог понравился

]]> By: blog4liferu http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-439 blog4liferu Tue, 12 Jan 2010 19:05:19 +0000 http://www.snoop-security.com/blog/?p=6#comment-439 yes, partseoru. +1 yes, partseoru. +1

]]> By: partseoru http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-433 partseoru Sat, 02 Jan 2010 03:03:49 +0000 http://www.snoop-security.com/blog/?p=6#comment-433 Я извиняюсь, но, по-моему, Вы не правы. Я уверен. Давайте обсудим. -- English : I'm sorry, but, in my opinion, you're wrong. I'm sure. Let's discuss. /Snake Я извиняюсь, но, по-моему, Вы не правы. Я уверен. Давайте обсудим.

English : I’m sorry, but, in my opinion, you’re wrong. I’m sure. Let’s discuss.
/Snake

]]> By: Zashkaser http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-185 Zashkaser Wed, 05 Aug 2009 17:37:53 +0000 http://www.snoop-security.com/blog/?p=6#comment-185 thanks for the catch. I’ll get in there and fix it…. thanks for the catch. I’ll get in there and fix it….

]]> By: sCORPINo http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-145 sCORPINo Sun, 28 Jun 2009 23:39:50 +0000 http://www.snoop-security.com/blog/?p=6#comment-145 @Mario Thanks for reading this review and commenting on :-) yep, DEP have to be reported as Exploitable, and i encourage MS guys, that accepted their mitigation can be bypassed(as mentioned in their plugin result). yes, this plugin can be great when you got a bunch of crashes from a fuzzing session and want to clarify security bugs from other bugs to focus on them. thanks for your great comments again ;-) @Mario
Thanks for reading this review and commenting on :-)
yep, DEP have to be reported as Exploitable, and i encourage MS guys, that accepted their mitigation can be bypassed(as mentioned in their plugin result).

yes, this plugin can be great when you got a bunch of crashes from a fuzzing session and want to clarify security bugs from other bugs to focus on them.
thanks for your great comments again ;-)

]]> By: Mario Vilas http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-144 Mario Vilas Sun, 28 Jun 2009 19:10:02 +0000 http://www.snoop-security.com/blog/?p=6#comment-144 Good review :) I've got some comments to add to it: DEP access violations have to be reported as exploitable, because not all hardwares and not all Windows installations support or enable DEP. Breakpoints may or may not be related to security bugs. For example, when the heap is in debug mode, a breakpoint will be hit whenever a heap buffer overflow is detected. Also, I believe you'll get a better result with the format string poc if you use %n rather than %x. That way you'll get an access violation when writing rather than reading. All in all I think it's a good tool to couple with a fuzzer. It can filter out quite a few harmless crashes. Then again, of course, it can't replace a human analysis, but I don't think it's meant to. Nice post, keep up the good work! :) Good review :)

I’ve got some comments to add to it:

DEP access violations have to be reported as exploitable, because not all hardwares and not all Windows installations support or enable DEP.

Breakpoints may or may not be related to security bugs. For example, when the heap is in debug mode, a breakpoint will be hit whenever a heap buffer overflow is detected.

Also, I believe you’ll get a better result with the format string poc if you use %n rather than %x. That way you’ll get an access violation when writing rather than reading.

All in all I think it’s a good tool to couple with a fuzzer. It can filter out quite a few harmless crashes. Then again, of course, it can’t replace a human analysis, but I don’t think it’s meant to.

Nice post, keep up the good work! :)

]]> By: Max http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-139 Max Sun, 07 Jun 2009 18:41:47 +0000 http://www.snoop-security.com/blog/?p=6#comment-139 Interisting post, keep work Interisting post, keep work

]]> By: Hamid.K http://www.snoop-security.com/blog/index.php/2009/03/microsoft-exploitable-extension-review/comment-page-1/#comment-30 Hamid.K Wed, 01 Apr 2009 21:48:43 +0000 http://www.snoop-security.com/blog/?p=6#comment-30 Good post , :) keep the good work. --------------------------------------------------------------------- <strong>sCORPINo</strong>: Thanks for your comment. Good post , :)
keep the good work.

———————————————————————
sCORPINo:
Thanks for your comment.

]]>