tags:ivantilpeenterprise_appheap_overflow original link:CVE-2024-22058 Ivanti Landesk LPE newsletter link: exploits.club Weekly Newsletter 23
Exploits Club Summary:
Whatâs a good newsletter without doing a small bit of bashing on Ivanti? In this post, Mantodea Security walks through the discovery and exploitation of an overflow in Ivanti LanDesk. The post starts with a walk through of the vulnerability and the code path in which it can be triggered. It then covers exploitation of the bug, in which it uses a ROP chain to mark memory as executable and overwrites a function pointer to jump to it reliably.