Starred by 2 users
Status: Fixed
Closed: Jul 2015



ESET NOD32 emulator fails if you modify .idata after imports
Project Member Reported by taviso@google.com, Jun 30 2015
If you import _encode_pointer from MSVCR90 and then modify the IAT in your code, the emulator gets very confused.

Verify like so:

$ nasm -f bin modifyidata.asm -o modifyidata
$ esets_scan modifyidata
Segmentation Fault

This seems likely to be remotely exploitable.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

 
Attachment: modifyidata.asm (6.1 KB)
Project Member Comment 1 by scvitti@google.com, Jul 1 2015
Labels: -Reported-20-Jun-15 Reported-2015-Jun-30
Project Member Comment 2 by taviso@google.com, Jul 1 2015
Labels: -Restrict-View-Commit
Status: Fixed
ESET report that this vulnerability was fixed in version 1156, and had already been discovered via internal testing.

It's my understanding that the fix was rolled out the same day I had reported it.