Changes

Jump to navigation Jump to search
842 bytes added ,  23:40, 30 April 2016
VVVVVV
Line 52: Line 52:  
| Time of exploit release.
 
| Time of exploit release.
 
| April 14, 2016
 
| April 14, 2016
 +
| [[User:Shinyquagsire23|Shiny Quagsire]]
 +
|-
 +
| VVVVVV
 +
| Buffer overflow in XML save file array parsing
 +
| VVVVVV utilizes several XML files (renamed with a .vvv extension) to store level save data, stats and settings. Within these XML files are several tags containing an array of data which, when parsed, is not properly checked to be of proper length for the tag being parsed from. This allows for an overflow of 16-bit array values from the location where the array is parsed. With unlock.vvv, XML data is parsed to the stack, and with level saves the heap. This allows for the pointer where the level save worldmap tag array should be parsed into to be overwritten with a stack address, allowing for ROP from within the XML array parsing function on the next level load.
 +
| None
 +
| [[10.7.0-32]].
 +
| Time of exploit release.
 +
| April 25, 2016
 
| [[User:Shinyquagsire23|Shiny Quagsire]]
 
| [[User:Shinyquagsire23|Shiny Quagsire]]
 
|}
 
|}

Navigation menu