Jump to content
Nytro

Bypassing browser memory protections in Windows Vista

By Nytro, in Programare

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Bypassing browser memory protections in Windows Vista

Over the past several years, Microsoft has implemented a number of memory protection mechanisms with the goal of preventing the reliable exploitation of common software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR complicate the exploitation of many memory corruption vulnerabilities.

This work explores the limitations of all aforementioned protection mechanisms, specifically focusing on flaws in their implementation in popular browsers on the Windows platform. We demonstrate a variety of exploitation techniques using popular browser plugins such as Flash, Java and .NET that can be used to bypass the protections and achieve reliable remote code execution.

Co-authored by Alexander Sotirov and Mark Dowd.

This paper was presented at BlackHat USA 2008.

Download:

http://www.phreedom.org/research/bypassing-browser-memory-protections/bypassing-browser-memory-protections.pdf

Source code:

http://www.phreedom.org/research/bypassing-browser-memory-protections/bypassing-browser-memory-protections-code.zip

Sursa: Bypassing browser memory protections in Windows Vista

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...