In this paper, we are going to see an exploit that uses a buffer overflow vulnerability in an application to overwrite the SEH handler. This paper will outline all the steps necessary to exploit such a vulnerability, from locating the point of buffer overflow in the application to writing an exploit. As a sample application, the exploit uses an ActiveX control (XXXXX.dll) that contains a buffer overflow vulnerability; using it, we can test a remote buffer overflow exploit.
The only tools you need here are COMRaider, a debugger, and the VC++ 6 IDE: COMRaider is a fuzzer for the interfaces of the ActiveX components in the application, the debugger is used to find the actual location of the overflow, and VC++ is used to write the exploit code.
The steps we see here can be automated with various tools such as Metasploit, but to get a better understanding, all the steps are performed manually.