Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
396
Views
0
Helpful
1
Replies

CSA: Bufferoverflow exposed.

fkhan6_wb
Level 1
Level 1

‎04-12-2007 02:02 PM - edited ‎03-10-2019 03:33 AM

I am looking into the bufferoverflow events in CSA and need your assistance in this one.

Here is the event:

The application 'C:\Program Files\Internet Explorer\iexplore.exe' (***) tried to call the function VirtualProtectEx("<self>") from a buffer (the return address was 0x7c108ec9). The code at this address is 'ff7510ff 750cff75 086affe8 75ffffff 5dc21000 90909090 90e9733c 9093807c'

Is this action is very suspicious since the VirtualProtectEx function changes the access protection on a region of committed pages in the virtual address space of a specified process.?

Is it possible to figure out what does the code 'ff7510ff 750cff75 086affe8 75ffffff 5dc21000 90909090 90e9733c 9093807c' means?

Many thanks

Labels:
0 Helpful
1 Reply 1

tsteger1
Level 8
Level 8

‎04-12-2007 03:24 PM

I have a machine that got the exact same message (including the code address) and it was the same day they installed a Tomcat Web server and Spyware Doctor.

I believe Spyware Doctor was the culprit in my case.

Tom S

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card