Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP
Most buffer overflow exploits for Windows have relied on getting code on the stack and somehow jumping process execution to there, but as more products arrive in the market to prevent such attacks from succeeding the non-stack based overflow exploit will become more and more common. This document will describe what they are and how to write one. As will be seen they are easy to write, more so than traditional stack based overflows and as they only require only an understanding of how functions are called at a low level. The non-stack based buffer overflow exploit writer doesn’t even need to know assembly language.
Download the paper in PDF format here.