WorstFit: Unveiling Hidden Transformers in Windows ANSI! | Orange Tsai

Submitted by Style Pass, 2025-01-09 16:30:05

📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help and idea were invaluable. Please also give him a big shout-out!

The research unveils a new attack surface in Windows by exploiting Best-Fit, an internal charset conversion feature. Through our work, we successfully transformed this feature into several practical attacks, including Path Traversal, Argument Injection, and even RCE, affecting numerous well-known applications!

Given that the root cause spans compiler behavior, the C/C++ runtime, and developers' mistakes, we also discussed the challenges of pushing fixes within the open-source ecosystem.

Get the latest update and slides on our website!🔥 → https://worst.fit/

Let’s imagine that: you’re a pentester, and your target website is running the following code. Can you pop a calc.exe with that?
