[Klug-general] Vista Security rendered "useless" by flaw
George Prowse
george.prowse at gmail.com
Mon Aug 11 14:05:13 UTC 2008
"Two security researchers have developed a new technique that
essentially bypasses all of the memory protection safeguards in the
Windows Vista operating system, an advance that many in the security
community say will have far-reaching implications not only for
Microsoft, but also on how the entire technology industry thinks about
attacks.
In a presentation at the Black Hat briefings, Mark Dowd of IBM
Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc.
will discuss the new methods they've found to get around Vista
protections such as Address Space Layout Randomization(ASLR), Data
Execution Prevention (DEP) and others by using Java, ActiveX controls
and .NET objects to load arbitrary content into Web browsers.
By taking advantage of the way that browsers, specifically Internet
Explorer, handle active scripting and .NET objects, the pair have been
able to load essentially whatever content they want into a location of
their choice on a user's machine."
Oops, Just in case you hadn't read it...
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html#
More information about the Kent
mailing list