1. Latest News
  2. Submit Press Release
  1. PR Home
  2. Latest News
  3. Feeds
  4. Alerts
  5. Submit Free Press Release
  6. Journalist Account

The first public practical example of bypassing the IE8 browser protections from buffer overflo

DSecRG experts have published the first public practical example of bypassing the latest IE8 browser protections from buffer overflow attacks

FOR IMMEDIATE RELEASE

PRLog (Press Release) - Mar 16, 2010 -
DSecRG experts have published the first public practical example of bypassing the latest IE8 browser protections from buffer overflow attacks. The technique consists in practical implementation of a JIT-Spray method, which allows to attack the applications vulnerable to buffer overflow bypassing the latest browser protections.
The attack using JIT-spray was first demonstrated at BlackHat DC 2010; what revealed the speculative possibility to bypass DEP and ASLR for IE8. DSecRG launched its research into the issue; the efforts have brought about the elaboration of the first public methodology describing the details of making a shellcode, and the dispay of the first public JIT shellcode worldwide.
http://dsecrg.com/pages/pub/show.php?id=22
Since the majority of client vulnerabilities is exploited through the browser (usually Internet Explorer) the attack allows to implement vulnerabilities in the well-known client software – antivirus, bank-clients, desktop applications, and clients for accessing business applications and ERP-systems.
DSecRG gives much attention to client work station security during bank-client and business application analysis, therefore in order to demonstrate that the method functions the operational exploits implementing vulnerabilities in the widespread SAP business applications and also vulnerabilities used through Internet Explorer (application SAPGUI) and Oracle (application Oracle Document Capture) were written.
This research is meant to show that we stick to the latest information security trends around the world and make our contribution to the world lore. The new research in application security enables us to enhance constantly the level of expertise and quality of the performed work in relation to security analysis, - noted the Head of the DSecRG Research Lab, Alexander Polyakov.

# # #

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

--- end ---

Click to Share

Contact Email:
***@dsec.ru Email Verified
Source:Olga Yurova
City/Town:St. Petersburg
State/Province:St. Petersburg
Country:Russian Federation
Industry:High-tech, Research
Tags:, dsecrg, alexander polyakov, jit-spray, , , ,
Last Updated:Mar 16, 2010
Shortcut:http://prlog.org/10578364
Disclaimer:   Issuers of the press releases are solely responsible for the content of their press releases. PRLog can't be held liable for the content posted by others.   Report Abuse

Upcoming Press Releases...



  1. SiteMap
  2. Privacy Policy
  3. Terms of Service
  4. Copyright Notice
  5. About
  6. Advertise
Like PRLog?
3.5K1.4K1.3K
Click to Share