Importance Of Data Execution Prevention and Address Space Layout Randomization Mitigation Technologies

The mitigation technologies like DEP, ASLR, and others like them (SEHOP, GS, etc) are designed to make it more difficult for attackers to reliably exploit software vulnerabilities. In practice, effectiveness of DEP and ASLR is heavily dependent on how completely each mitigation tech has been enabled by an app. Failing to completely enableing leaves low-hanging […]

The mitigation technologies like DEP, ASLR, and others like them (SEHOP, GS, etc) are designed to make it more difficult for attackers to reliably exploit software vulnerabilities. In practice, effectiveness of DEP and ASLR is heavily dependent on how completely each mitigation tech has been enabled by an app. Failing to completely enableing leaves low-hanging fruit that an attacker can use to their advantage when developing an exploit.

This point was most recently illustrated in exploit written for Adobe Reader (CVE-2010-2883) where attackers took advantage of a DLL that hadn't opted-in to ASLR. Following examples show importance of fully enabling mitigations:

[Sourc]

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.