In a presentation at the Black Hat briefings, Mark Dowd and Alexander Sotirov demonstrated the new methods they've found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.
By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.
Download PDF of paper.
3 comments:
Your blog is very useful. Can I add your blog in my blog feed please? Many thanks!!!
http://softwares-addiction.blogspot.com/
Certainly. Point your feed aggregator to http://chanweiyee.blogspot.com/feeds/posts/default and it will redirect you to where my current feed is located.
Thank you.
http://softwares-addiction.blogspot.com/
Post a Comment