Mariusz Woloszyn writes:
> It's true that lynx segfaults on long URLs, but exploiting it is (IMHO)
> impossible because lynx strips all nonprintable characters thus smugling
> RET address is impossible. I have never heard about ASCII only shellcode
> also :)
> I assume lynx bugs are unexploitable...
Don't bet on it. For the x86, at least, it's not that hard to use only
the opcodes that are printable ASCII characters to write pretty much any
program you'd want; using self-modifying code you can generate the
opcodes that aren't in the printable ASCII set. I've seen examples,
such as a printable-ASCII-only .COM file for bootstrapping a DOS Kermit
distribution.
