Executive Summary
Summary | |
---|---|
Title | Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard |
Informations | |||
---|---|---|---|
Name | VU#817544 | First vendor Publication | 2017-11-17 |
Vendor | VU-CERT | Last vendor Modification | 2017-11-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | N/A | Attack Range | N/A |
Cvss Impact Score | N/A | Attack Complexity | N/A |
Cvss Expoit Score | N/A | Authentication | N/A |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#817544Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit GuardOverviewMicrosoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThis issue was reported by Will Dormann of the CERT/CC, with assistance from Matt Miller of Microsoft. This document was written by Will Dormann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/817544 |
Alert History
Date | Informations |
---|---|
2017-11-20 05:21:16 |
|
2017-11-17 21:22:01 |
|
2017-11-17 17:20:52 |
|