DSecRG experts have published the first public practical example of bypassing the latest buffer-overflow protections in the IE8 browser. The technique is a practical implementation of the JIT-Spray method, which makes it possible to exploit applications vulnerable to buffer overflows while bypassing the latest browser protections.
The JIT-spray attack was first demonstrated at BlackHat DC 2010, which revealed the theoretical possibility of bypassing DEP and ASLR in IE8. DSecRG launched its own research into the issue; the effort produced the first public methodology describing in detail how such a shellcode is built, and the first public demonstration of a JIT shellcode worldwide.
http://dsecrg.com/
Since the majority of client-side vulnerabilities are exploited through the browser (usually Internet Explorer), the attack makes it possible to exploit vulnerabilities in well-known client software: antivirus products, bank clients, desktop applications, and clients for accessing business applications and ERP systems.
DSecRG pays close attention to client workstation security during bank-client and business application assessments. To demonstrate that the method works, working exploits were written for vulnerabilities in widespread SAP business applications, as well as for vulnerabilities exploited through Internet Explorer (the SAPGUI application) and Oracle (the Oracle Document Capture application).
"This research is meant to show that we keep up with the latest information security trends around the world and make our contribution to the world lore. New research in application security enables us to constantly enhance the level of expertise and the quality of the work we perform in security analysis," noted the Head of the DSecRG Research Lab, Alexander Polyakov.