Microsoft not always eating their own /DYNAMICBASE dogfood

[Larry Seltzer <larry () larryseltzer com>]

http://blogs.pcmag.com/securitywatch/2010/12/exploit_for_unpatched_ie_vulne.php

http://blogs.pcmag.com/securitywatch/2010/12/ie_0-day_shows_microsoft_devel.php



In case you hadn’t heard, there was an IE 0-day which, because a particular
DLL was linked without /DYNAMICBASE, can bypass ASLR and DEP.



MS says there’s no reason not to use EMET to rebase the DLL, so I ask why
they didn’t make it that way to begin with. Turns out /DYNAMICBASE isn’t
really required by the SDL. Shouldn’t it be required unless you have a damn
good reason not to use it? Something’s wrong with this picture.



LJS

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.