https://bugs.winehq.org/show_bug.cgi?id=46661

--- Comment #9 from ossecurity <ossecurity(a)iscas.ac.cn> ---

Hi, Zebediah

Thank you for your reply. I'm a novice at attack methods. What do you mean by much easier ways? Could you please provide some examples? Names or website links are all helpful for me.

By the way, I think the error happened in a DLL of Wine, so it is different from bugs in a win32 application. Does the place where the error is triggered make any difference?

------------------------------------------

I uploaded a log file and a sample test. In this test case, we tamper with 'sPathTarget', setting it to 'NULL', and trigger a 'NULL pointer dereference'. (A buffer overflow can be triggered in a similar way, but we do not provide it for the moment.)

DoInjection.exe and MfcHookApi.dll are created by using the classic injection technique. (The first technique summarized on this website: [https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques...])

Hope this can help, and thanks for your patience.

Ke Yang