
Windows "DbgHelp.dll" Export name stack overflow vulnerability

Malware in the wild is exploiting this vulnerability. It allows remote code to be executed while a debugger that uses Microsoft's DbgHelp.dll (ver 5.x) loads a specially crafted executable.

When I was trying to load the malware that uses this trick, it made the Olly debugger exit. The link below has some interesting material about this vulnerability.

http://foolishpages.blogspot.com/2010/11/windows-dbghelpdll-export-name-stack.html