Oh OK, then I did see correctly after all. But still, on many modern systems (e.g. with non-executable stack) it would require fairly sophisticated trickery in the payload to make this do anything. I mean, getting control over EIP is a very good first step, but this isn't 1995.


Control over the program counter allows return-into-libc or other ROP attacks.


Having access to EIP means you have full control. From there it is very simple to do return-to-libc or ROP attacks. EIP is the holy grail; control that and you win.

