ThreatFire prevents against Buffer Overflow - any other HIPS?

Discussion in 'other anti-malware software' started by aigle, Oct 31, 2007.

Thread Status:
Not open for further replies.
  1. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    See the screenshot from TF forums:

    http://www.pctools.com/forum/showpost.php?p=171332&postcount=2

    I wonder if any other behaviour blocker/HIPS prevents against buffer overflow. Has anybody tested TF or any other product against such types of threats?

    I am not sure how I can test it.

    What do you think about this?

    Thanks
     
  2. showtime33

    showtime33 Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    26
    Can't see the attachment unless you have a username and password for that forum...
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Ya, for ethical reasons I did not upload it here.
    The snapshot is not from me, it's from them.
     
  4. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Comodo Memory Guardian was made for exactly that. It has proven to work against the .ANI cursor vulnerability in Vista and the Yahoo exploit. Here are pics the developer took himself of the Yahoo exploit and the .ANI exploit.
     

    Attached Files:

    • cmg1.jpg (190.6 KB)
    • cmg2.jpg (142.5 KB)
  5. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    @Coolio - Thanks for posting the Memory Guardian screenshots. I note that both were executed against Internet Explorer. How about if I am using the K-Meleon browser (NEVER Internet Explorer - braaaack!)?

    Will those same exploits affect K-Mel?
     
  6. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Coolio, thanks for nice pics.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The buffer overflow protection of TF needs work, TBH, as it currently fails against the ANI exploit (explorer.exe BO) and some common HTML shellcode exploits (IE BO). I've forwarded the relevant samples to the TF team, so let's see what they do about it.
     
  8. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    K-Mel would probably not even be affected, but CMG would be compatible with any browser as it is not a plugin.
     