Breaking C++ Applications presented at Blackhat USA 2007

by Neel Mehta,

Tags: Security

Summary : This presentation addresses the stated
problem by focusing specifically on C++-based security, and outlines
types of vulnerabilities that can exist in C++ applications. It will
examine not only the base language, but also covers APIs and auxillary
functionality provided by common platforms, primarily the contemporary
Windows OSs. The topics that will be addressed in this presentation
include object initialization/destruction, handling object arrays,
implications of operator overloading, and problems arising from
implementing exception handling functionality. Various STL classes will
also be discussed in terms of how they might be susceptible to misuse,
and unexpected quirks that can manifest as security problems. This
presentation will include discussion of bug classes that have yet to be
discussed or exploited in a public forum (to our knowledge) for the
topic areas outlined.