This content explores a new attack surface on Windows by exploiting the Best-Fit character conversion feature. It discusses the history of encoding in Windows, transitioning from ANSI to Unicode, and the challenges of handling non-ASCII characters. The research uncovers how Best-Fit behavior can lead to critical vulnerabilities, including Filename Smuggling, Argument Splitting, and Environment Variable Confusion. It showcases a real-world case study of Path Traversal to Remote Code Execution on Cuckoo Sandbox due to vulnerabilities in Python 2.7. The content highlights the unexpected and impactful consequences of Best-Fit character conversions on Windows systems, shedding light on the vulnerabilities in the system’s APIs and CRT functions.
https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
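The summary above names three consequences of Best-Fit conversion (Filename Smuggling, Argument Splitting, Environment Variable Confusion) without showing what an input validator on the defending side can check for. The following is an added example, not code from the original post or from the research it summarizes. It uses Python's NFKC compatibility folding as a stand-in for the Windows Best-Fit table (an assumption: NFKC is not the same mapping, only a conservative approximation that catches the fullwidth-to-ASCII cases), and implements the strict mitigation of rejecting any non-ASCII input before it reaches an ANSI API, with a looser mode that flags only characters whose folded form is a path separator, quote, or assignment character.

```python
from __future__ import annotations

import unicodedata

# ASCII characters that change the meaning of a file path, a command line,
# or an environment variable assignment if a non-ASCII character is
# silently converted into one of them. (Constructed list for this example.)
DANGEROUS_ASCII = set('\\/"\'=&|<>%; \t\r\n')


def suspicious_characters(text: str) -> list[tuple[str, str]]:
    """Return (original, folded) pairs for every non-ASCII character whose
    NFKC compatibility form contains a dangerous ASCII character.

    Assumption: NFKC is used here as an approximation of Windows Best-Fit
    behaviour; it is not the real Best-Fit table of any code page."""
    hits = []
    for ch in text:
        if ord(ch) < 0x80:
            continue  # plain ASCII cannot be remapped by Best-Fit
        folded = unicodedata.normalize("NFKC", ch)
        if any(c in DANGEROUS_ASCII for c in folded):
            hits.append((ch, folded))
    return hits


def safe_for_ansi_api(text: str, allow_non_ascii: bool = False) -> bool:
    """Decide whether a string may be handed to an ANSI (code-page) API.

    Strict policy (default): reject anything that is not pure ASCII, so no
    conversion can take place at all. Relaxed policy: allow non-ASCII, but
    reject characters whose folded form is a dangerous ASCII character."""
    if not allow_non_ascii:
        return text.isascii()
    return not suspicious_characters(text)


def classify(inputs: list[str]) -> dict[str, bool]:
    """Apply the relaxed policy to a batch of inputs (helper for demo/tests)."""
    return {s: safe_for_ansi_api(s, allow_non_ascii=True) for s in inputs}


if __name__ == "__main__":
    # Constructed sample inputs: a harmless accented filename, a filename
    # using the fullwidth solidus (U+FF0F), and an argument using the
    # fullwidth quotation mark (U+FF02).
    samples = ["caf\u00e9.txt", "reports\uff0fq1.txt", "arg\uff02value"]
    for s, ok in classify(samples).items():
        print(repr(s), "allowed" if ok else "rejected", suspicious_characters(s))
```

The strict default is the mitigation to prefer when the consumer is an `*A` Win32 function or a CRT call on an ANSI code page; the relaxed mode only helps triage which existing inputs deserve attention.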