
VML buffer overruns, Vista, and DEP (MS07-004)

Posted by ChrisW on January 16, 2007, 6:56 am
Ok, so I am reading up on buffer overflows... er, overruns.... and see
that VML has one this month. I also read an article on MSDN that says
Vista does not get affected because the code was recompiled with Visual
Studio (yay!).

But, even if the buffer overrun happens and remote code gets placed in
memory, shouldn't DEP notice this and weed it out?

http://www.microsoft.com/technet/security/bulletin/MS07-004.mspx
http://blogs.msdn.com/michael_howard/archive/2007/01/10/why-windows-vista-is-unaffected-by-the-vml-bug.aspx
http://support.microsoft.com/kb/875352

Thanks

ChrisW


Posted by Jesper on January 16, 2007, 8:03 pm
Hardware DEP *may* protect you, if it is on, and the attack involves writing
code into a location that is marked as non-executable. Without going into
deep details on the exploit, it is hard to tell if the latter would happen.

Hardware DEP is also used on an opt-in basis by default. That means that
only binaries that opt in to use it are protected. This covers only Windows
binaries by default.

Software DEP is easier to circumvent and is only on for certain system
binaries. It might or might not protect you.

The net takeaway is that DEP can provide a bit of a safety net, but will not
be able to stop all buffer overflow attacks.

"ChrisW" wrote:

> Ok, so I am reading up on buffer overflows... er, overruns.... and see
> that VML has one this month. I also read an article on MSDN that says
> Vista does not get affected because the code was recompiled with Visual
> Studio (yay!).
>
> But, even if the buffer overrun happens and remote code gets placed in
> memory, shouldn't DEP notice this and weed it out?
>
> http://www.microsoft.com/technet/security/bulletin/MS07-004.mspx
> http://blogs.msdn.com/michael_howard/archive/2007/01/10/why-windows-vista-is-unaffected-by-the-vml-bug.aspx
> http://support.microsoft.com/kb/875352
>
> Thanks
>
> ChrisW
>
>

Posted by jwgoerlich on January 20, 2007, 11:37 am
Not all buffer overflows are the same. There is a difference between
stack-based and heap-based overflows. DEP prevents stack-based. The VML
problem was heap-based (integer multiplication without bounds
checking). DEP would not notice it.

The recompiled code fails securely because the compiler automatically
adds the integer checking.

J Wolfgang Goerlich

ChrisW wrote:
> Ok, so I am reading up on buffer overflows... er, overruns.... and see
> that VML has one this month. I also read an article on MSDN that says
> Vista does not get affected because the code was recompiled with Visual
> Studio (yay!).
>
> But, even if the buffer overrun happens and remote code gets placed in
> memory, shouldn't DEP notice this and weed it out?
>
> http://www.microsoft.com/technet/security/bulletin/MS07-004.mspx
> http://blogs.msdn.com/michael_howard/archive/2007/01/10/why-windows-vista-is-unaffected-by-the-vml-bug.aspx
> http://support.microsoft.com/kb/875352
>
> Thanks
>
> ChrisW
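
The pattern the last reply describes, a size multiplication with no bounds check next to a version that fails securely, as an added example that is not part of the original thread or of any Microsoft code. All function names are hypothetical, and 32-bit arithmetic is assumed so the wrap is the same on every platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helpers for illustration; uint32_t makes the wrap deterministic. */

/* Unsafe size computation: the product silently wraps modulo 2^32. */
static uint32_t size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Checked size computation: returns 0 and stores the size, or -1 on overflow. */
static int size_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;              /* count * elem_size would not fit in 32 bits */
    *out = count * elem_size;
    return 0;
}

/* Allocator that fails securely: no buffer is returned if the size wrapped. */
static void *alloc_array(uint32_t count, uint32_t elem_size)
{
    uint32_t bytes;
    if (size_checked(count, elem_size, &bytes) != 0)
        return NULL;
    return calloc(1, bytes ? bytes : 1);
}

int main(void)
{
    uint32_t count = 0x40000001u;   /* constructed sample value */
    uint32_t elem = 4u;

    /* Unchecked: a 4-byte heap buffer would be sized for over a billion elements. */
    printf("unchecked size: %u bytes for %u elements\n",
           (unsigned)size_unchecked(count, elem), (unsigned)count);

    /* Checked: the request is refused before any undersized buffer exists. */
    void *p = alloc_array(count, elem);
    printf("checked allocation: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```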

