On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious fred.vici...@gmail.comwrote:
Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known catch-all
technique against IE8.
Along with other security features (
Yeah that's prrety obvious that there's one way or another to bypass DEP and
ASLR but if you chose not to share it and don't have anything useful to say,
it'll be better not to say anything.
On Thu, Oct 1, 2009 at 12:55 PM, Berend-Jan Wever
berendjanwe...@gmail.comwrote:
FYI: ASLR DEP can be
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to now
there's no reliable method to exploit memory corruption vulnerabilities on
it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first seen in
the IFRAME overflow exploit [1] which have been used by almost every
Freddie Vicious wrote:
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to
now there's no reliable method to exploit memory corruption
vulnerabilities on it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first
seen in the IFRAME overflow exploit [1] which
Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known catch-all
technique against IE8.
Along with other security features (
FYI: ASLR DEP can be bypassed on x86, there's just nothing public at the
moment.
Cheers,
SkyLined
Berend-Jan Wever berendjanwe...@gmail.com
http://skypher.com/SkyLined
On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious fred.vici...@gmail.comwrote:
Yes, I am aware of the JVM and the Flash
On Thu, 01 Oct 2009 21:55:37 +0200, Berend-Jan Wever said:
FYI: ASLR DEP can be bypassed on x86, there's just nothing public at the
moment.
Is that I believe it can, but there's no proof yet, or based on non-public
sources, I know for a fact it can?
pgpGarY5dXHrE.pgp
Description: PGP
Along with other security features
(http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
this basicly means that IE8 is the most secure web browser nowadays?
If memory serves me right, it's been a while since we've