Can buffer overflow attacks succeed if DEP+SEHOP are on?

Discussion in 'other security issues & news' started by wearetheborg, Aug 22, 2010.

Thread Status:
Not open for further replies.
  1. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    What about if only DEP is on?
     
  2. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    Yes, even with Hardware DEP enabled, buffer overflows can spawn a shellcode that can download and execute other malware code. Even with those advertised buffer overflow protection programs.

    This is based on my experience.

    But since the end result is always to download and execute malware code, any properly configured default-deny security policy like the use of SRP, HIPS, AE or containment like Sandboxie, will terminate the malware infection pathway or the hacker's intrusion early on.
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It depends on the exploit and the details of how it is carried out. ASLR itself can be defeated if the application in question uses a "just-in-time" compiler (which Flash does). They call it JIT spraying. But generally, DEP/ASLR makes it much tougher to find working exploits than used to be the case on Windows back in the day.
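
Added example, not part of any poster's message: on Windows a binary declares its opt-in to DEP and ASLR through the NX_COMPAT and DYNAMIC_BASE bits of the `DllCharacteristics` field in its PE header, so a defender can audit which images in a process carry them. The names `mitigation_flags` and `build_sample` are hypothetical and the sample image is constructed; SEHOP is not recorded in this field and is not covered.

```python
import struct

# DllCharacteristics bits from the PE optional header
DYNAMIC_BASE = 0x0040  # image opts into ASLR
NX_COMPAT = 0x0100     # image opts into DEP
NO_SEH = 0x0400        # image declares no structured exception handlers

def mitigation_flags(pe: bytes) -> dict:
    """Return the DEP/ASLR opt-in bits of a PE image, validating every offset."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    # PE signature (4) + COFF header (20) + optional header through offset 71
    if e_lfanew + 24 + 72 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    if opt_size < 72:
        raise ValueError("optional header too small for DllCharacteristics")
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (chars,) = struct.unpack_from("<H", pe, opt + 70)
    return {"dep": bool(chars & NX_COMPAT),
            "aslr": bool(chars & DYNAMIC_BASE),
            "no_seh": bool(chars & NO_SEH)}

def build_sample(chars: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only image for the demo (not a loadable file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, chars in (("hardened", NX_COMPAT | DYNAMIC_BASE), ("legacy", 0)):
        print(label, mitigation_flags(build_sample(chars)))
```

A module that reports `aslr: False` loads at a predictable address, which is why a single non-opted-in DLL weakens the combined DEP/ASLR protection for the whole process.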
     