Google Engineer Disclosed Windows DEP Flaw
By Jason on March 5, 2010 | Vulnerabilities, DEP, proof-of-concept code, ret-into-libc, Microsoft, Google
Google security software engineer Berend-Jan Wever has revealed his exploit research, publishing proof-of-concept code that bypasses Data Execution Prevention (DEP). This disclosure can lead to more successful attacks against Microsoft's newer operating systems.
DEP is intended to prevent an application or service from executing code from a non-executable memory region.
Berend-Jan Wever posted on his personal blog on Monday: “The exploit I released would not work if you had DEP turned on for MSIE. However, I also created a version of the exploit that used ret-into-libc to bypass DEP, which I never released until today.”
Wever's post about the proof-of-concept is not harmful, as it is wrapped around an exploit of a bug in Internet Explorer 6 (IE6) that was patched years ago.
"This exploit targets a bug that was fixed in IE6 in 2005, which explains why it does not affect any recent install. This release is for academic purpose only, it is not an 0-day that script-kiddies can use to pwn your grandma's computer," explained Wever.