Memory corruption exploitation have been around since 1988, after the Morris worm breakout. Exploitation of memory corruption has been seen widely targeted regardless from closed source to open source. Vulnerability classes has been introduced to differ type of memory corruptions. Different classes will have a different type of exploitation, thus introducing exploitation techniques such as Return Oriented Programming (ROP), return-to-libc (ret2libc), and many more.
Memory corruption has been categorized as one of the dangerous software errors. Security Researchers and vendors has been fighting over the years by introducing new techniques of exploitation as well the exploit mitigations. Different Operating Systems have their own memory corruption mitigation to prevent or reduce the surface of the exploitation. Prior to that, we can see numbers of exploits being used in the wild has been reduced due to the mitigation especially in Windows security mitigations.
During presentation we will demo some vulnerabilities we found that related to memory corruption found in a different software. We demonstrate two different vulnerability, a classical buffer overflow and integer overflow. A buffer overflow found in GNU Sharutils with CVE assigned CVE-2018-1000097. In the talk, we will demonstrate our approach finding vulnerability in the software. The second issue we will be demonstrating old vulnerability integer overflow found in Windows Kernel win32k.sys.
It has been numbers of year vendors have work on multiple software security research, but mitigating memory corruption still consider as primary threats despite type of products including Operating Systems. This has been proven in a different studies from academic research to large corporations, the evidence shows that the issue similar to cat and mouse game. In our presentation, we will be discussing high-level overview of memory corruption. We will also show how the memory corruption exploitation has been evolving since stack buffer overflow to multi-stage mitigations bypasses.