Hi Logos,
But now we get word that the last two MS defence bastions for IE7 and IE8 have also been overcome by hackers. Yes, by exploiting weaknesses in Adobe Systems' Flash Player, researchers have devised two separate attacks that bypass mitigations Microsoft put into IE 7 and 8. Known as ASLR, or address space layout randomization, and DEP, or data execution prevention, the technologies are designed to lessen the severity of bugs by making it hard for them to cause the execution of malicious code.
Both techniques wield the so-called just-in-time compiler in Flash so that a computer's memory is blanketed with large chunks of identical shellcode. The "JIT-spray" allows attackers to overcome ASLR, which normally thwarts execution by picking a different memory location to load system components each time an operating system is started. (source: http://www.theregister.co.uk/2010/02/03/microsoft_windows_protection_bypass/ )
This will be rather difficult for MS to overcome because, as one of the hackers said: "A change in the memory allocator could prevent JIT-spraying," he said. "That is, I think, way too complex to do. I don't think we're going to see that happen anytime soon." So a follow-up to heap spraying is here; we just have to wait until it comes to malware in the wild. Maybe this was also a reason to drop Flash in HTML5; the abuse of functionality in Flash sank browser security here.
polonus
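An added illustration of the JIT-spray alignment trick the article describes; this is my own example, not code from the post or from The Register. It assumes the XOR-with-immediate construction from the 2010 JIT-spraying research (Dion Blazakis): the ActionScript expression x ^ 0x3c909090, chained many times, is compiled by the Flash JIT into xor eax, 0x3c909090 instructions whose host bytes are 35 90 90 90 3c. Entered one byte late, the same bytes read as nop nop nop / cmp al, 0x35, so the attacker's instruction stream is hidden inside the immediates, and since every sprayed copy is identical, ASLR only changes where the sled is, not whether a guessed address lands in it. The spray value, the four-copy chain, the tiny three-opcode decoder and the "heap" buffer are assumptions of this example; a real payload packs shellcode bytes into the immediates where this example uses NOPs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed attacker-chosen immediate (the value from Blazakis's write-up):
 * "x ^ 0x3c909090" compiled by a JIT into "xor eax, imm32" yields the host
 * bytes 35 90 90 90 3c. Entered one byte late, the same bytes decode as
 * nop nop nop cmp al,0x35 and the CPU stays inside that hidden stream. */
#define OPC_XOR_EAX_IMM32 0x35u   /* 35 id   XOR EAX, imm32 */
#define OPC_NOP           0x90u   /* 90      NOP            */
#define OPC_CMP_AL_IMM8   0x3Cu   /* 3C ib   CMP AL, imm8   */
#define SPRAY_IMM         0x3c909090u

enum op { OP_XOR, OP_NOP, OP_CMP, OP_BAD, OP_COUNT };

/* Model of what the JIT emits for n chained XORs: n copies of 35 90 90 90 3c.
 * Returns bytes written, or 0 if the buffer is too small. */
size_t emit_xor_chain(uint8_t *out, size_t cap, size_t n)
{
    if (cap < n * 5) return 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = out + i * 5;
        p[0] = OPC_XOR_EAX_IMM32;
        for (int b = 0; b < 4; b++)               /* imm32, little-endian */
            p[1 + b] = (uint8_t)(SPRAY_IMM >> (8 * b));
    }
    return n * 5;
}

/* Minimal x86 decoder for the three opcodes this stream can contain.
 * Returns the instruction length, or 0 when the opcode is unknown (kind = OP_BAD)
 * or its immediate runs past the end of the buffer (kind = the real opcode). */
static size_t decode_one(const uint8_t *p, size_t avail, enum op *kind)
{
    switch (p[0]) {
    case OPC_NOP:           *kind = OP_NOP; return 1;
    case OPC_CMP_AL_IMM8:   *kind = OP_CMP; return avail >= 2 ? 2 : 0;
    case OPC_XOR_EAX_IMM32: *kind = OP_XOR; return avail >= 5 ? 5 : 0;
    default:                *kind = OP_BAD; return 0;
    }
}

/* Disassemble forward from `off`, tallying counts[kind]. Returns the number of
 * complete instructions decoded; stops at an unknown opcode or a truncated tail. */
size_t decode_from(const uint8_t *buf, size_t len, size_t off, size_t counts[OP_COUNT])
{
    size_t n = 0;
    memset(counts, 0, sizeof(size_t) * OP_COUNT);
    while (off < len) {
        enum op kind;
        size_t ilen = decode_one(buf + off, len - off, &kind);
        if (ilen == 0) {
            if (kind == OP_BAD) counts[OP_BAD]++;
            break;
        }
        counts[kind]++;
        off += ilen;
        n++;
    }
    return n;
}

/* The spray property: count the entry offsets from which execution slides to
 * the end of the region without ever meeting an undecodable byte. */
size_t count_sliding_offsets(const uint8_t *buf, size_t len)
{
    size_t ok = 0, counts[OP_COUNT];
    for (size_t off = 0; off < len; off++) {
        decode_from(buf, len, off, counts);
        if (counts[OP_BAD] == 0) ok++;
    }
    return ok;
}

int main(void)
{
    uint8_t region[1024 * 5];                 /* 5 KiB "heap" tiled by the JIT */
    size_t counts[OP_COUNT];
    size_t len = emit_xor_chain(region, sizeof region, 1024);
    decode_from(region, len, 1, counts);      /* land one byte off the XOR chain */
    printf("offset 1: %zu nop, %zu cmp al, %zu xor eax\n",
           counts[OP_NOP], counts[OP_CMP], counts[OP_XOR]);
    printf("%zu of %zu entry offsets slide safely to the end\n",
           count_sliding_offsets(region, len), len);
    return 0;
}
```

Decoding from offset 0 gives back the XOR chain the JIT meant to emit; decoding from offsets 1 through 4 gives only NOPs and harmless cmp al instructions, and the misaligned stream re-synchronises with itself every five bytes, which is why every entry offset in the region slides to the end. That is the whole reason the spray defeats ASLR: the attacker does not need to know where the JIT put the code, only that a large share of the address space is covered by copies of it.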