dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
28
share rss forum feed


trparky
Android... get back here
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:4
Reviews:
·AT&T U-Verse
reply to trparky

Re: IE Zero-Day

There's something called Structured Exception Handling Overwrite Protection or SEHOP. It does this by preventing attackers from being able to use the SEH overwrite technique by verifying that the thread’s exception handler list is intact before allowing any of the registered exception handlers to be called or executed. This mitigation technique is made possible by a side-effect of overwriting the SEH. The side-effect is that the pointer in the program’s memory stack is corrupted in the process of overwriting the SEH, thus the integrity of the exception handling chain is broken.

An Exception Handler is anything that may include the use of TRY, CATCH, and FINALLY.

I did a presentation on various exploit techniques for my end of class project for my CompTIA Security+ prep class. I covered the use of EMET extensively so I had to actually do some research into how many of these attacks work on a basic level.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)


trparky
Android... get back here
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:4
Reviews:
·AT&T U-Verse
Many of Microsoft's newer programs have these exploit protections baked into the compiled code of the program. But, this only happens with programs that have been compiled with recent versions of the Microsoft Visual C++ Compiler.

My guess is that Internet Explorer 9 and 10, which aren't vulnerable, have been compiled with Visual C++ 2010 or newer and the older versions are still being compiled with pre-2010 C++ compiler thus not having the protections baked into the compiled code.
--
Tom
Boycott AT&T uVerse! | Tom's Android Blog | AOKP (The Android Open Kang Project)