Dailydave mailing list archives

ASLR+DEP = no problem. :>


From: dave <dave () immunityinc com>
Date: Wed, 03 Feb 2010 11:52:34 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not so long ago, ASLR and DEP were gaining wide acceptance. Execshield
was on almost all Linux systems, and the "golden age" of buffer overflow
exploitation looked like it was coming to a close.

It is true that the code is getting better, and the mitigating
protective mechanisms in Windows and Linux are getting better. But like
in a ceramic, the physical properties of a system are defined by the
interfaces between components, not the crystals themselves.

Today, Immunity released a working version of the Aurora exploit for
Windows 7 and IE8 to CANVAS Early Updates. It does this by playing
some very odd tricks with Flash's JIT compiler. This technique is
extensible to almost all similar vulnerabilities. In other words, ASLR
and DEP are no longer the shield they once were.

I believe Dionysus Blazakis is going to release some details on a
similar technique at BlackHat DC today. If you miss the rest of the
talks, I'd recommend popping into that one. :>

Thanks,
Dave Aitel
Immunity, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAktpqdIACgkQtehAhL0gheotCACfXVRvzHVKxVYWWYQigY7fKPi9
aL0AnjmW40zWTjtwitHJO3Fcv1z9F9QI
=l0KE
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

