Description
Exploit of a buffer overflow in dynamic memory on Windows. This exploit requires that the overwritten memory address is executable.
The HeapFree() on line 38 creates a gap in the contiguous allocated memory. The memcpy() on line 39 is the exploit example. The first 16 bytes of malArg overwrite the user data area, the next 8 bytes overwrite the boundary tag of the free chunk, and the following 8 bytes of malArg overwrite the pointers to the next and previous chunk.
From "Secure Coding in C and C++" by Robert C. Seacord.
Page 128, Figure 4-29
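Added example, not the test case's code and not taken from Seacord's book: the unchecked heap copy pattern the description refers to, placed beside a bounds-checked version. It uses malloc()/free() so it compiles on any platform; the same bounds check applies unchanged to a HeapAlloc()/HeapFree() chunk. The 16-byte chunk size follows the description; the function names and the constructed inputs are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_SIZE 16  /* user-data size of the heap chunk (the description's first 16 bytes) */

/* Vulnerable pattern (do not use): copies the whole argument without checking
 * that it fits. An argument longer than CHUNK_SIZE writes past the chunk's user
 * data into the neighbouring chunk's boundary tag and free-list pointers. */
void copy_unchecked(char *dst, const char *src, size_t src_len)
{
    memcpy(dst, src, src_len);
}

/* Hardened version: every copy is bounded by the destination's real size.
 * Returns 0 on success, -1 if the copy was rejected. */
int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (src_len > dst_size)      /* would overflow the chunk: refuse instead of writing */
        return -1;
    memcpy(dst, src, src_len);
    return 0;
}

/* Mirrors the test case's flow with the checked copy: allocate a chunk, copy the
 * argument into it, release it. Returns 0 if the argument was accepted, -1 if rejected. */
int process_arg(const char *arg, size_t arg_len)
{
    char *chunk = malloc(CHUNK_SIZE);
    if (chunk == NULL)
        return -1;
    int rc = copy_checked(chunk, CHUNK_SIZE, arg, arg_len);
    free(chunk);
    return rc;
}

/* Constructed inputs (assumed, not from the test case): one that fits, one that
 * would have overflowed the chunk under copy_unchecked(). */
int demo_fits(void)
{
    const char arg[] = "fits-in-chunk";           /* 13 bytes */
    return process_arg(arg, sizeof arg - 1);
}

int demo_oversized(void)
{
    char arg[32];
    memset(arg, 'A', sizeof arg);                 /* 32 bytes: larger than CHUNK_SIZE */
    return process_arg(arg, sizeof arg);
}

int main(void)
{
    printf("in-bounds argument: %s\n", demo_fits() == 0 ? "accepted" : "rejected");
    printf("oversized argument: %s\n", demo_oversized() == 0 ? "accepted" : "rejected");
    return 0;
}
```

The point of the checked version is that the destination size travels with the pointer: copy_checked() cannot be called without stating how large the chunk is, so an oversized argument is rejected before any byte reaches the boundary tag or the free-list pointers described above.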
Flaws