I think enough time has passed now to provide a little more detail on how to exploit MS14-066 schannel vulnerability (aka “Winshock”). In this post I won’t be providing a complete PoC exploit, but I will delve into the details on exactly how to trigger the heap overflow along with some example modifications to OpenSSL so you can replicate the issue yourself.
more here...........http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/
more here...........http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/