Monday, January 31, 2005

XP SP2 heap protection bypassed.

It had to happen; security is a race, isn't it? Microsoft's SP2 heap protection can be bypassed...
The bypass enables:
o) Arbitrary memory region write access (smaller or equal to 1016 bytes);
o) Arbitrary code execution;
o) DEP bypass.
An excellent paper by Positive Technologies, the authors of MaxPatrol, presents the theory and code examples of how heap overflow vulnerabilities can be exploited on the new Microsoft XP SP2 and on CPUs with DEP support. The paper can be read here.