> Although the vulnerabilities are hard to exploit, > it's not impossible. > There are some restrictions to bypass: > > - The path name is formated in Unicode, so we have to find an opcode in an > address with an unicode format > - The shellcode has to be in the path name so we have to use an Alphanumeric > shellcode
What's to stop someone from encoding the path(shellcode) in unicode(using both bytes of unicode/no null bytes)? Also, is there a special situation why it has to be strictly alphanumeric? Because, in general this is not the case. I've worked with these guidelines myself in the past(http://fakehalo.us/xfinder-ds.pl), and I see no specific issue with doing similar for this, unless information to the contrary isn't included.
