In light of COVID-19 precaution measures, we remind that all ImmuniWeb products can be easily configured and safely paid online without any human contact or paperwork.

Community Edition
Total Tests:
This Week:
Today:
Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

Security Blog
6 Reasons Why AI is Important in 2020
March 25, 2020
5 Reasons Why COVID-19 Will Bolster the Cybersecurity Industry
March 10, 2020
A Portrait of a Modern Cybercriminal
February 28, 2020
State of Cybersecurity at Top 100 Global Airports
January 29, 2020
AI: Is the Hype Over or Is it Just the Solow Paradox?
January 17, 2020
News and press releases
ImmuniWeb Enables Secure Digital Transformation for Coronavirus-Affected Business
March 23, 2020
ImmuniWeb Releases Major Update for ImmuniWeb® Discovery
March 19, 2020
BDO to Partner with ImmuniWeb to Reduce Complexity and Costs of Cybersecurity
March 18, 2020
New Features of ImmuniWeb MobileSuite
February 28, 2020
ImmuniWeb to Partner with Appdome in Mobile Application Security
February 13, 2020
OWASP Top 10
OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks
June 14, 2018
OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication
June 21, 2018
OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure
June 28, 2018
XML External Entities (XXE): the Threat of and Solution
July 5, 2018
OWASP Top 10: Broken Access Control, the risks and solutions
July 12, 2018
Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions
July 19, 2018
XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers
July 26, 2018
Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover
August 2, 2018
Components with Known Vulnerabilities - a major OWASP Top 10 Risk
August 21, 2018
Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring
August 14, 2018
Search Blog
#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

Structured Exception Handler Exploitation

Wednesday, June 15, 2011 By Read Time: 4 min.

The SEH exploitation technique was publicly documented by David Litchfield in September of 2003. At a high-level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.


Author: Brian Mariani, Senior Security Auditor at High-Tech Bridge SA


The SEH exploitation technique was publicly documented by David Litchfield in September of 2003. At a high-level, the SEH overwrite technique uses a software vulnerability to execute arbitrary code by abusing the 32-bit exception dispatching facilities provided by Windows. At a functional level, an SEH overwrite is generally accomplished by using a stack-based buffer. This document explains SEH details while exploiting a real case.


Tags: Exploitation
Previous Blog Posts:

Fake Malware and Virus Scanners

Become fully aware of the potential dangers of ActiveX attacks


User Comments
Add Comment

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Ask a Question