Too Long; Didn't Read
Structured Exception Handler (SEH) based overflows work in many different ways. In this tutorial, we use a text file to inject the malicious payload into the vulnerable field. The overflow is triggered when Millennium MP3 Studio 2.0 attempts to open files with certain extensions. We attach Immunity to the Millennium process so we can observe the buffer overflow. When an exception is raised, control jumps to the first SEH handler. The instructions reached there move ESP down the stack twice and then return, which loads the next value on the stack into EIP.
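A defender's view of the handler chain mentioned above, as an added example that is not from the original tutorial: a simulated walk over 32-bit SEH registration records that applies SEHOP-style sanity checks and flags an overwritten record. The stack layout, addresses and names (`sim_stack`, `seh_chain_check`, `verdict_for`, `FINAL_HANDLER`) are constructed assumptions, and the checks are a simplified model, not the Windows implementation.

```c
#include <stdint.h>
#include <stddef.h>

#define CHAIN_END     0xFFFFFFFFu  /* Next value that terminates a 32-bit SEH chain */
#define BASE          0x0012FF00u  /* constructed: lowest address of the simulated stack */
#define FINAL_HANDLER 0x7C000100u  /* constructed stand-in for the OS final handler */

/* Simulated 32-bit thread stack: words[i] lives at address base + 4*i. */
typedef struct { uint32_t base; size_t nwords; const uint32_t *words; } sim_stack;
typedef enum { SEH_OK, SEH_REC_UNALIGNED, SEH_REC_OFF_STACK, SEH_HANDLER_ON_STACK,
               SEH_NOT_ASCENDING, SEH_BAD_FINAL_HANDLER } seh_verdict;

/* True when [addr, addr+len) lies entirely inside the simulated stack. */
static int on_stack(const sim_stack *s, uint32_t addr, uint32_t len) {
    uint32_t size = (uint32_t)(s->nwords * 4);
    return addr >= s->base && len <= size && addr - s->base <= size - len;
}

/* Walk {Next, Handler} records from head and report the first anomaly. */
seh_verdict seh_chain_check(const sim_stack *s, uint32_t head, uint32_t final_handler) {
    uint32_t rec = head;
    while (rec != CHAIN_END) {
        if (rec & 3u) return SEH_REC_UNALIGNED;
        if (!on_stack(s, rec, 8)) return SEH_REC_OFF_STACK;
        uint32_t next = s->words[(rec - s->base) / 4];
        uint32_t handler = s->words[(rec - s->base) / 4 + 1];
        if (on_stack(s, handler, 1)) return SEH_HANDLER_ON_STACK;
        if (next == CHAIN_END)  /* last record must carry the known final handler */
            return handler == final_handler ? SEH_OK : SEH_BAD_FINAL_HANDLER;
        if (next <= rec) return SEH_NOT_ASCENDING;  /* also guarantees termination */
        rec = next;
    }
    return SEH_BAD_FINAL_HANDLER;  /* head was CHAIN_END: no records at all */
}

/* Constructed sample stacks: records at BASE+0x10 and BASE+0x30. */
static const uint32_t intact[16] = {
    [4] = BASE + 0x30, [5] = 0x00401500u,       /* record 1: Next, Handler */
    [12] = CHAIN_END,  [13] = FINAL_HANDLER };  /* record 2: end of chain */
static const uint32_t smashed[16] = {
    [4] = 0x41414141u, [5] = 0x41414141u,       /* record 1 overwritten by filler */
    [12] = CHAIN_END,  [13] = FINAL_HANDLER };

seh_verdict verdict_for(const uint32_t *words, uint32_t head) {
    sim_stack s = { BASE, 16, words };
    return seh_chain_check(&s, head, FINAL_HANDLER);
}

int main(void) {  /* exit status 0 when both sample stacks get the expected verdict */
    return !(verdict_for(intact, BASE + 0x10) == SEH_OK &&
             verdict_for(smashed, BASE + 0x10) == SEH_REC_UNALIGNED);
}
```

The overwritten record is caught because the walk can no longer reach the final handler through aligned, on-stack records, which is the property a chain-validation mitigation relies on.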