https://bugs.winehq.org/show_bug.cgi?id=46661
--- Comment #9 from ossecurity ossecurity@iscas.ac.cn ---

Hi, Zebediah
Thank you for your reply. I'm a novice at attack methods. What do you mean by much easier ways? Could you please provide some examples? Names or website links would all be helpful for me.
By the way, I think the error happened in a DLL of Wine, so it is different from bugs in a Win32 application. Does the place where the error is triggered make any difference?
------------------------------------------
I am uploading a log file and a sample test. In this test case, we tamper with 'sPathTarget', setting it to 'NULL', and trigger a 'NULL pointer dereference'. (A buffer overflow can be triggered in a similar way, but we do not provide it for the moment.)
DoInjection.exe and MfcHookApi.dll are created by using the classic injection technique. (The first technique summarized on this website: [https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques...])
Hope this can help, and thanks for your patience.
Ke Yang