Editing Vulnerabilities
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 92: | Line 92: | ||
'''Consensus''': Confirmed exploitable before 1.80. YEAH! | '''Consensus''': Confirmed exploitable before 1.80. YEAH! | ||
=== sceIoDevctl does not clear stack buffer === | === sceIoDevctl does not clear stack buffer === | ||
(24/11/2014) | (24/11/2014) | ||
Line 141: | Line 116: | ||
When passed proper arguments, sceNetSyscallIoctl will execute a function from the socket's vtable at the end: | When passed proper arguments, sceNetSyscallIoctl will execute a function from the socket's vtable at the end: | ||
< | <pre> | ||
v13 = (*(int (__fastcall **)(int, signed int, unsigned int, char *))(*(_DWORD *)(socket + 24) + 28))( | v13 = (*(int (__fastcall **)(int, signed int, unsigned int, char *))(*(_DWORD *)(socket + 24) + 28))( | ||
socket, | socket, | ||
Line 147: | Line 122: | ||
flags_, | flags_, | ||
mem_); | mem_); | ||
</ | </pre> | ||
Fixed in 3.63. | Fixed in 3.63. | ||
Line 194: | Line 169: | ||
(I copied the octopus from an ASCII art page: http://ascii.co.uk/art/octopus) | (I copied the octopus from an ASCII art page: http://ascii.co.uk/art/octopus) | ||
== References == | == References == |