Nytro Posted May 5, 2011 Report Share Posted May 5, 2011 Bypassing browser memory protections in Windows VistaOver the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities.This work explores the limitations of all aforementioned protection mechanisms, specifically focusing on flaws in their implementation in popular browsers on the Windows platform. We demonstrate a variety of exploitation techniques using popular browser plugins such as Flash, Java and .NET that can be used to bypass the protections and achieve reliable remote code execution.Co-authored by Alexander Sotirov and Mark Dowd.This paper was presented at BlackHat USA 2008.Download:http://www.phreedom.org/research/bypassing-browser-memory-protections/bypassing-browser-memory-protections.pdfSource code:http://www.phreedom.org/research/bypassing-browser-memory-protections/bypassing-browser-memory-protections-code.zipSursa: Bypassing browser memory protections in Windows Vista Quote Link to comment Share on other sites More sharing options...
