This was posted on psp-hacks in reference to progress of the work being done with the libungif insecurity.
I hope that the testing proves successful. This would lead to a more convenient way to run code than the GTA method.

Due to the nature of the vulnerability the progress is not as straightforward and fast as with a typical buffer overflow.
However, progress is made and for now it is sure that the libungif vulnerability allows writing of any number of bytes to specific offsets in memory with data that has to pass a certain mask limitation which is relative to the targeted offset.
It is currently being tested with carefully crafted GIF files injecting self-modifying code.
If it works, we have a way to run code on 2.0 - 2.5 FW using this (vsh user mode).
If that fails, all research and tools made so far will be released to the greater public.