ParityNews.com: ...Because Technology Matters


Hacker Bypasses Windows 7/8 Address Space Layout Randomization

Microsoft relies on Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8 to stop an attacker from jumping to a known memory location, but it seems the mechanism can be bypassed: a hacker has released a brilliant yet simple trick for circumventing the protection.

Going by the name KingCope, the hacker who released a dozen exploits targeting MySQL and SSH last December has detailed a method by which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed so that a DLL is loaded at a known address, putting its code within reach of an exploit. KingCope has explained the method in a blog post along with a proof of concept (PoC).

The method is address-space exhaustion. JavaScript running in the browser allocates memory until the process's entire address space is full, then frees blocks one at a time until just enough contiguous space is available for the desired DLL. When the DLL is then loaded, the only place it can be mapped is the hole that was just freed, so its base address is known in advance and the attacker has a fixed address to jump to. Because the whole address space has to be filled first, the approach is practical only against 32-bit processes; a 64-bit address space cannot be exhausted this way.

Once the DLL is in place, the rest of the memory that was filled earlier can be freed, and the usual exploitation steps of heap spraying and heap corruption proceed with the advantage that one module now sits at a known address.
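The fill, free and load sequence described above, as an added example that is not part of the article and is not KingCope's PoC: a toy JavaScript model of a 32-bit process address space in which spray chunks are mapped bottom-up and an image load picks a random base (the ASLR step) but relocates into the first hole that fits when that base is already taken. The 2 GiB range, the 64 KiB mapping granularity, the pre-mapped image sizes, the 1 MiB spray chunk and the 3 MiB "DLL" are all assumptions chosen to resemble a 32-bit Windows process, not measured values. Running it shows a fresh process mapping the module at a seed-dependent address, while the filled-and-carved process maps it at the predicted hole.

```javascript
// Added example, not KingCope's PoC or code from the article: a toy model of a
// 32-bit process address space. Spray chunks map bottom-up, first-fit; an image
// load first tries a random base (ASLR) and, if that range is taken, relocates
// to the first hole that fits. The 2 GiB range, 64 KiB granularity, pre-mapped
// image sizes and the 3 MiB "DLL" are assumptions, not measurements.
'use strict';
const KIB = 1024, MIB = 1024 * KIB;
const GRANULARITY = 64 * KIB;                        // assumed mapping granularity
const USER_START = 0x10000, USER_SIZE = 2048 * MIB - USER_START; // assumed 2 GiB user range
const roundUp = n => Math.ceil(n / GRANULARITY) * GRANULARITY;

// Deterministic xorshift32 PRNG standing in for the loader's randomness.
function xorshift32(seed) {
  let s = seed >>> 0 || 1;
  return () => {
    s ^= s << 13; s >>>= 0; s ^= s >>> 17; s ^= s << 5; s >>>= 0;
    return s / 0x100000000;                          // uniform in [0, 1)
  };
}

class AddressSpace {
  constructor(start, size, rng) {
    this.start = start; this.size = size; this.rng = rng;
    this.regions = [{ start, size, used: false }];   // sorted, non-overlapping, covers the range
  }
  regionAt(addr) { return this.regions.find(r => addr >= r.start && addr < r.start + r.size); }
  carve(i, base, size) {                             // split free region i around [base, base+size)
    const r = this.regions[i], end = r.start + r.size, out = [];
    if (base > r.start) out.push({ start: r.start, size: base - r.start, used: false });
    out.push({ start: base, size, used: true });
    if (base + size < end) out.push({ start: base + size, size: end - base - size, used: false });
    this.regions.splice(i, 1, ...out);
    return base;
  }
  mapFirstFit(size) {                                // VirtualAlloc-style bottom-up search
    size = roundUp(size);
    const i = this.regions.findIndex(r => !r.used && r.size >= size);
    return i < 0 ? null : this.carve(i, this.regions[i].start, size);
  }
  mapAt(base, size) {                                // succeeds only if the whole range is free
    size = roundUp(size);
    const i = this.regions.findIndex(r => !r.used && base >= r.start && base + size <= r.start + r.size);
    return i < 0 ? null : this.carve(i, base, size);
  }
  loadImage(size) {                                  // ASLR: random base, relocate on collision
    const slots = (this.size - roundUp(size)) / GRANULARITY + 1;
    const wanted = this.start + Math.floor(this.rng() * slots) * GRANULARITY;
    const base = this.mapAt(wanted, size);
    return base !== null ? base : this.mapFirstFit(size);
  }
  free(base) {
    let i = this.regions.findIndex(r => r.used && r.start === base);
    if (i < 0) throw new Error(`bad free 0x${base.toString(16)}`);
    this.regions[i].used = false;                    // then merge with free neighbours
    if (i > 0 && !this.regions[i - 1].used) { this.regions[i - 1].size += this.regions[i].size; this.regions.splice(i--, 1); }
    if (i + 1 < this.regions.length && !this.regions[i + 1].used) { this.regions[i].size += this.regions[i + 1].size; this.regions.splice(i + 1, 1); }
  }
}

// Free neighbouring spray chunks, lowest address first, until the hole they leave
// is at least `need` bytes. A run ends where some other mapping sits between two
// chunks; the next run then starts at the following chunk.
function carveHole(space, chunks, need) {
  chunks.sort((a, b) => a - b);
  while (chunks.length) {
    const first = chunks.shift();
    space.free(first);
    for (let r = space.regionAt(first); ; r = space.regionAt(first)) {
      if (r.size >= need) return r;
      const next = chunks.indexOf(r.start + r.size);
      if (next < 0) break;
      space.free(chunks.splice(next, 1)[0]);
    }
  }
  throw new Error('no hole could be carved');
}

// The article's sequence: fill the address space, free just enough for the
// module, load it, then release the rest of the spray for normal heap spraying.
function loadModuleAtKnownBase(space, moduleSize, sprayChunk) {
  if (sprayChunk > roundUp(moduleSize)) throw new RangeError('spray chunks must fit inside the module');
  const chunks = [];                                 // like ArrayBuffers kept alive in an array
  for (let b = space.mapFirstFit(sprayChunk); b !== null; b = space.mapFirstFit(sprayChunk)) chunks.push(b);
  const hole = carveHole(space, chunks, roundUp(moduleSize));
  const predicted = hole.start;
  const candidates = (hole.size - roundUp(moduleSize)) / GRANULARITY + 1; // bases the hole still allows
  const base = space.loadImage(moduleSize);          // random base is taken, so it lands in the hole
  for (const c of chunks) space.free(c);
  return { predicted, candidates, base, released: chunks.length };
}

function freshProcessBase(seed, moduleSize) {       // no trick: the base is wherever ASLR puts it
  return new AddressSpace(USER_START, USER_SIZE, xorshift32(seed)).loadImage(moduleSize);
}

function demo(seed, moduleSize = 3 * MIB, sprayChunk = MIB) {
  const space = new AddressSpace(USER_START, USER_SIZE, xorshift32(seed));
  for (const sz of [MIB, 1536 * KIB, 768 * KIB]) space.loadImage(sz); // assumed exe + system DLLs
  return loadModuleAtKnownBase(space, moduleSize, sprayChunk);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const seed of [1, 2, 3]) {
    const r = demo(seed);
    console.log(`seed ${seed}: fresh process base 0x${freshProcessBase(seed, 3 * MIB).toString(16)}, ` +
      `after fill/free predicted 0x${r.predicted.toString(16)} actual 0x${r.base.toString(16)} ` +
      `(${r.candidates} candidate base(s), ${r.released} chunks released)`);
  }
}
```

Run it with `node` to print the comparison for a few seeds. The `candidates` field is the practical measure of how "just enough" the freeing was: when the freed blocks overshoot the module size (for instance by absorbing a small free fragment next to a pre-mapped image), the loader has a few aligned positions to choose from instead of exactly one. In a real browser the fill step is ArrayBuffer allocations kept alive in an array until allocation throws, and the free step is dropping references and letting the garbage collector return the blocks; `mapFirstFit` and `free` stand in for both here.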

Parity Media Private Limited. All rights reserved. 2013
