Turning Snort 2.6.1 DCE/RPC flaw into a working exploit - Part 1

Today I think I’ve found the new topic, yes it is Snort DEC/RPC preprocessor buffer overflow. It is the interested topic because there is no PoC provide with the advisory. I’m curious and wanna to know how to exploit it, so things come back again. First of all, I have to gather information as much as possible to find the starting point and so on. It provides me these information:

* It is stack-based buffer overflow
* DCE/RPC is dynamic preprocessor and enabled by default
* Overflow occurs in reassembly process
* The attacker can attack Snort with a single packet
* Multiple WriteAndX commands are necessary