Vigil@nce - Microsoft Internet Explorer: bypass of ASLR
July 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can guess the memory layout of a Microsoft Internet
Explorer process, in order to ease the next step of the attack.
– Impacted products: IE
– Severity: 1/4
– Creation date: 25/06/2015
DESCRIPTION OF THE VULNERABILITY
The Microsoft Internet Explorer product uses a dedicated memory
management technique for the data structures used for page rendering.
However, a side effect of this protection technique is that it allows
a bypass of Address Space Layout Randomization (ASLR), a kernel-level
mechanism that makes code injection attacks (buffer overflow or use
after free) more difficult. Bypassing it therefore makes this class
of attacks easier.
An attacker can therefore guess the memory layout of a Microsoft
Internet Explorer process, in order to ease the next step of the
attack.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Internet-Explorer-bypass-of-ASLR-17233