A prominent security researcher has released an exploit that uses a new technique to defeat ALSR + DEP on Microsoft’s Windows operating system.
The exploit, released by Google security researcher “SkyLined,” uses the ret-into-libc technique to bypass DEP (Data Execution Prevention) and launch code execution attacks on x86 platforms.
SkyLined (real name Berend-Jan Wever) is best known for introducing heap-spraying in Web browsers, a technique used in exploits to facilitate arbitrary code execution. He previously worked at Microsoft before leaving in 2008 to work on security Google’s Chrome browser.
“I am releasing this because I feel it helps explain why ASLR+DEP are not a mitigation to put a lot of faith in, especially on x86 platforms,” SkyLined wrote on his blog. ”32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location,” he added.