
Thread: Use EMET from Microsoft to block 0-day exploits in Adobe Reader, Acrobat, etc

  1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    hi !

    Use Enhanced Mitigation Experience Toolkit to block Adobe Reader and Acrobat 0-day exploit !

    "Background on the exploit

    As you probably know there is a new exploit in the wild for Adobe Reader and Acrobat. This particular exploit is using the Return Oriented Programming (ROP) exploit technique in order to bypass Data Execution Prevention (DEP).

    Normally Address Space Layout Randomization (ASLR) would help prevent successful exploitation. However, this product ships with a DLL (icucnv36.dll) that doesn’t have ASLR turned on. Without ASLR, this DLL is always going to be loaded at a predictable address and can be leveraged by an exploit."



    Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit - Security Research & Defense - Site Home - TechNet Blogs

    "Today we are pleased to announce the availability of the Enhanced Mitigation Experience Toolkit (EMET) version 2.0. Users can click here to download the tool free of charge. "

    The Enhanced Mitigation Experience Toolkit 2.0 is Now Available - Security Research & Defense - Site Home - TechNet Blogs

    although i don't use Adobe Reader myself, this looks VERY interesting,
    since it should be possible to use the EMET-tool to block 0-day exploits in other programs too.

    i have to take a closer look at the subject tomorrow...

  2. #2
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,559

    Nice share. Thanks!

  3. #3
    Pankaj is offline Senior Member
    Join Date
    Nov 2008
    Location
    Pune
    Posts
    175

    Visited the link but it looks difficult to use. Maybe it's not for use on the desktop version.

  4. #4
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    hi !

    "desktop version" ?

    what do you mean ?

  5. #5
    Pankaj is offline Senior Member
    Join Date
    Nov 2008
    Location
    Pune
    Posts
    175

    I meant, is it for use on the Windows desktop or server version only? If it can be used on the Windows desktop version, how do I do it?

  6. #6
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    hi !

    but what is "windows desktop version" ?

    do you mean XP, Vista, W7 ?

    if so, then YES you can.

    read the information on those 2 links i posted above:

    on the first link "Use EMET 2.0 to block":

    "Mandatory ASLR: On Windows 7, Windows Vista, Windows Server 2008 R2, and Windows Server 2008 this mitigation will force the relocation of non ASLR-aware DLLs."

    "Export Address Table Access Filtering (EAF): The exploit is also blocked by the EAF mitigation. This is important for Windows XP and Windows Server 2003 because they do not support mandatory ASLR."


