Exploit Development and Analysis of CVE-2021-31956 NTFS Windows Kernel Pool Overflow
Analysis
The vulnerability is located in the ntfs.sys component, inside the NtfsQueryEaUserEaList function; we can see the vulnerable code and the patch.
Information about Exploit Development, Reversing, Fuzzing and Vulnerability analysis.
This post is going to be about the two vulnerabilities found by me in the VMware hypervisor during my internship at Quarkslab. It was a great experience in which I learned a lot.
As the title says, we are going to fuzz WinRAR's handling of the 7zip format; all the methods and functions used for the 7zip format are found in the DLL 7zxa.dll.
In this tutorial we are going to learn how to use WinAFL, since there is very little information about it on the Internet and it has its quirks. To start, let's see what WinAFL is: