
Dailydave mailing list archives
Re: Vista SP1
From: Dave Aitel <dave () immunityinc com>
Date: Fri, 25 Apr 2008 08:41:23 -0400
I've been told (although I did not write that exploit, Kostya did) that you end up using opcodes in your bytecode stream to get execution. This would mean that the bytecode stream has to be executable, which SP1 breaks. Not that this breaks the many other ways you can write the exploit, but it would make it slightly harder. I could be wrong on this

-dave

Alexander Sotirov wrote:
| On Thu, Apr 24, 2008 at 07:27:18AM -0400, Dave Aitel wrote:
|> Vista SP1 was released to Automatic Update. One thing about SP1 is that it
|> breaks the Flash exploit Mark Dowd describes in his paper by making certain
|> memory NX.
|
| What memory does SP1 make NX? The iexplore.exe process is not on the OptIn DEP
| list in Vista SP1, so everything in memory is always executable.
|
| Alex

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave