Post Sat Jun 05, 2010 12:20 pm

Evocam Remote Buffer Overflow on OSX

In this tutorial Paul Harrington demonstrates how he used a buffer overflow vulnerability in EvoCam to write a remote exploit for OS X Leopard 10.5.8.


This guide comes from my own journey from finding a buffer overflow in an OS X application to producing a working exploit. I have reasonably good exploit development skills having completed the Penetration Testing with BackTrack and Cracking the Perimeter training courses, and working on several buffer overflow exploits. The majority of my exploit development skills are based around Windows vulnerabilities and using the OllyDBG debugger.

After discovering a buffer overflow vulnerability in EvoCam, a WebCam application on OS X, I thought it would be a good idea to try and develop an exploit for it.

Complete tutorial at Offensive Security blog ... ow-on-osx/