Structured Exception Handler ExploitationJune 15, 2011
Author: Brian Mariani, Senior Security Auditor at High-Tech Bridge SA
The SEH exploitation technique was publicly documented by David Litchfield in September of 2003. At a high-level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.