Yeah that's prrety obvious that there's one way or another to bypass DEP and
ASLR but if you chose not to share it and don't have anything useful to say,
it'll be better not to say anything.
On Thu, Oct 1, 2009 at 12:55 PM, Berend-Jan Wever
wrote:
> FYI: ASLR & DEP can be bypassed on x86, there's
On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious wrote:
> Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
> DEP/ASLR there... But as you said, so far there's no known "catch-all"
> technique against IE8.
> Along with other security features (
> http://blogs.msdn.com/architect
> Along with other security features
> (http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malware-and-phishing-attacks.aspx)
> this basicly means that IE8 is the most secure web browser nowadays?
If memory serves me right, it's been a while since we've wi
On Thu, 01 Oct 2009 21:55:37 +0200, Berend-Jan Wever said:
> FYI: ASLR & DEP can be bypassed on x86, there's just nothing public at the
> moment.
Is that "I believe it can, but there's no proof yet", or "based on non-public
sources, I know for a fact it can"?
pgpGarY5dXHrE.pgp
Description: PGP
FYI: ASLR & DEP can be bypassed on x86, there's just nothing public at the
moment.
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious wrote:
> Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
> DEP/ASLR there.
Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
DEP/ASLR there... But as you said, so far there's no known "catch-all"
technique against IE8.
Along with other security features (
http://blogs.msdn.com/architecture/archive/2009/08/13/internet-explorer-8-rated-tops-against-malw
Freddie Vicious wrote:
> Microsoft has released Internet Explorer 8 on March 19, 2009 and up to
> now there's no reliable method to exploit memory corruption
> vulnerabilities on it?
>
> I mean, on IE6 and IE7 we had SkyLined heap spray technique, first
> seen in the IFRAME overflow exploit [1] whi
Microsoft has released Internet Explorer 8 on March 19, 2009 and up to now
there's no reliable method to exploit memory corruption vulnerabilities on
it?
I mean, on IE6 and IE7 we had SkyLined heap spray technique, first seen in
the IFRAME overflow exploit [1] which have been used by almost every