Google Engineer Disclosed Window's DEP Flaw

A Google security software engineer Berend-Jan Wever revealed his exploit research - published proof-of-concept code that bypasses data error prevention (DEP). This disclosure can lead to more successful attacks against Microsoft's newer operating systems.

DEP intends to prevent an application or service from executing code from a non-executable memory region.

Berend-Jan Wever posted at his personal blog on Monday: “The exploit I released would not work if you had DEP turned on for MSIE. However, I also created a version of the exploit that used ret-into-libc to bypass DEP, which I never released until today.”

Wever's post about the proof-of-concept is not harmless, as it is wrapped around an exploit of a bug in Internet Explorer 6 (IE6) that was patched years ago.

"This exploit targets a bug that was fixed in IE6 in 2005, which explains why it does not affect any recent install. This release is for academic purpose only, it is not an 0-day that script-kiddies can use to pwn your grandma's computer," explained Wever.

More Vulnerabilities news

Denial-of-service flaw is fixed by Oracle

Recently, Oracle released a patch which fixed denial-of-service vulnerability in the Oracle WebLogic Server, Application Server and iPlanet Web Server. In a security bulletin Oracle warned that "vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password." Oracle pointed out that a fix for the same vulnerability in the GlassFish Server was released last month. Read more.

• Firefox 9.0 and four critical flaws fixed
• Major flaw of Adobe Reader and Acrobat 9.x is patched
• Adobe Reader targeted again: Acrobat vulnerability
• From „White hat“ Charlie Miller was turned to „Black hat“
• Temporary remedy against Dugu
• Malware distribution tendencies 2011
• Mac OS X Lion flaw gives opportunity attacker changing victim’s password
• Flaws have been detected in Symantec Endpoint Protection Manager
• New IE bug may expose your cookies
• Secret is not revealed but Facebook’s flaw is repaired

News categories

• Malware
• Spam and email
• Phishing
• Vulnerabilities
• Computer Security
• Security basics
• Rogue Antispyware

Latest news

• Frauds versus security tools versus trust issues
• Windows 7 Antispyware 2012 removal tutorial
• Remove WinMaximizer fraud
• Slow-PCFighter uninstall guide
• Protect your office emails!
• Adobe news: Sandboxed Flash Player for Firefox released
• Google fights Android malware
• Denial-of-service flaw is fixed by Oracle
• How to get PDF secured?
• How to remove AV Security Essentials malware?

Related news

• Top 10 TLDs Used by Botnets For CnC
• Google Announced a New Bug Bounty Program
• Mistakes to Avoid on Social Networks

Antispyware Software

• Spyware Doctor
  • Rating
    
    Download Read review
    Spyware Doctor is one of the most reputable security programs and it’s one of the most often recommended anti-spyware tools. It's known for quick and effective scanning methods.
    
    
• VIPRE Antivirus + Antispyware
  • Rating
    
    Download Read review
    VIPRE combines antivirus, antispyware, anti-rootkit and other technologies into a seamless, tightly-integrated product.
    
    
• Trend Micro AntiVirus plus AntiSpyware
  • Rating
    
    Download Read review
    Trend Micro AntiVirus + AntiSpyware is the essential security you need so you can email and share files with confidence.
    
    
• Malwarebytes Anti-Malware
  • Rating
    
    Download Read review
    Malwarebytes Anti-Malware can detect and remove malware that other anti-virus and spyware programs generally miss, including rogue security software, although it is not effective against rootkits or viruses.
    
    
• Kaspersky Anti-Virus 2011
  • Rating
    
    Download Read review
    Kaspersky Anti-Virus 2011 is one of the optimal choices for protecting a computer from viruses and other threats. It offers multiple functions for cleaning a system and keeping it safe. Although it costs more than average anti-virus kit, Kaspersky Anti-Virus is often rated better than similar tools by users even when free virus removers are also in the assortment.
    
    
• Webroot Antivirus with Spy Sweeper
  • Rating
    
    Download Read review
    Powerful antivirus and antispyware software combined to provide the best protection against viruses, spyware and more.
    
    

Subscribe

Latest threats

• Windows 7 Antispyware 2012
• WinMaximizer
• Slow-PCFighter
• AV Security Essentials
• Smart Anti-Malware Protection
• Malware Protection Center
• Antivirus Smart Protection
• Internet Security 2012
• Smart Internet Protection 2012
• Smart Protection 2012
• Internet Security Guard
• Home Security Essentials
• Windows XP Internet Security 2012
• Windows 7 Internet Security 2012
• Windows Vista Internet Security 2012
• System Check
• Intelinet Smart Security 3.1.0
• Super AV
• Home Security Solutions
• Best Antivirus