No wonder Google is investing in Fuchsia?
^1: Actually, that came from some remark I read but I disagree. It might be as trivial as unlink. That is, set up non-paged memory in a deterministic manner, exploit a buffer overrun in SMB to corrupt a part of the kernel heap, unlink into the payload. I don't see why it would need a heap spray.
EDIT: Explanation here.