Advise - Assess - Assure
is differentiated by our strong focus on research
and development, through new products released
such as SA-ISO , through to our commitment to the
discovery and publication of Microsoft
In 2003, Security-Assessment.com came second
globally in the discovery and publication of
Microsoft Vulnerabilities. We stay at the
front because we have highly skilled people and
use only the best resources in our research and
In this section we have
provided information and samples of tools that we
Qualys Gaurd continuously scans corporate networks
to discover vulnerabilities, ensure compliance,
and prioritise remediation with no
infrastructure or software to be
deployed or managed.
See why QualysGuard has received numerous
awards for "best Security
Exploiting Freelist On Windows XP Service Pack 2
Windows XP Service pack 2 introduced some new security measures in an attempt to prevent the use of overwritten heap headers to do arbitrary byte writing. This method of exploiting heap overflows, and the protection offered by service pack 2, is widely known and has been well documented in the past.
What this paper will attempt to explain is how other functionality of the heap management code can be used to gain execution control after a chunk header has been overwritten.
In particular this paper takes a look at exploiting freelist overwrites.
Internet systems are often the
first point of external attack. Lack
of input filtering, cross site scripting,
session theft, SQL injection attacks, URL
manipulation all provide areas of weaknesses
that can and are being exploited by
Source Code is subject to the
considerations of security during the life
cycle, test procedures and security
knowledge and capabilities of the
development team. The implications of these
vulnerabilities are serious and include
regulatory, reputational and financial.
Codescan minimises these risks.
Codescan is an automated solution for
source code inspection. It
consultants, development shops and in house
development teams to reduce vulnerabilities
inherent in applications, improve accuracy
of testing, and reduce costs and time
associated with source code inspection and
Us for more information