Without going too deep into details, this vulnerability allows data to be written into a buffer that is smaller than the amount of data being written (a classic). For this case I can use a real-life scenario: CVE-2015-3824, “Google Stagefright ‘tx3g’ MP4 Atom Integer Overflow Remote Code Execution”. This whole attack is based on a series of vulnerabilities, most of which are integer overflows (or underflows). These days the mobile IT security world is shaken by this Android vulnerability called “Stagefright”, which allows remote code execution by just sending a well-forged MMS text.
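How an integer overflow in a size calculation produces a buffer smaller than the data, next to a checked version, as an added example: this is not Stagefright's code or code from this post, and the names `alloc_size_unchecked`, `append_chunk`, `struct accum` and the 1 MiB cap are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ACCUM (1u << 20)  /* assumed policy cap on buffered data: 1 MiB */

struct accum { uint8_t *data; uint32_t len; };  /* hypothetical accumulator */

/* Flawed pattern: the 32-bit sum wraps modulo 2^32, so the allocation size
 * can come out smaller than the number of bytes the caller goes on to copy. */
uint32_t alloc_size_unchecked(uint32_t have, uint32_t incoming) {
    return have + incoming;
}

/* Hardened append: reject the chunk before any allocation or copy when the
 * sum would wrap or exceed the cap. Returns 0 on success, -1 on rejection. */
int append_chunk(struct accum *a, const uint8_t *chunk, uint32_t incoming) {
    if (incoming > UINT32_MAX - a->len) return -1;  /* sum would wrap */
    uint32_t total = a->len + incoming;
    if (total > MAX_ACCUM) return -1;               /* implausible size */
    if (total == 0) return 0;                       /* nothing to store */
    uint8_t *p = realloc(a->data, total);
    if (p == NULL) return -1;
    if (incoming) memcpy(p + a->len, chunk, incoming);
    a->data = p;
    a->len = total;
    return 0;
}

int main(void) {
    /* Constructed sizes: 16 bytes buffered, header claims 0xFFFFFFF8 more. */
    uint32_t have = 16, claimed = 0xFFFFFFF8u;
    printf("unchecked: %u-byte allocation for %llu bytes of data\n",
           alloc_size_unchecked(have, claimed),
           (unsigned long long)have + claimed);

    struct accum a = {0};
    uint8_t sample[16] = {0};
    printf("append 16 bytes: %d\n", append_chunk(&a, sample, sizeof sample));
    printf("append claimed size: %d\n", append_chunk(&a, sample, claimed));
    free(a.data);
    return 0;
}
```

The checked version compares against `UINT32_MAX - a->len` before adding, because testing the sum after the addition is too late: the wrapped result is already a valid-looking small number.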