HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Efficacy of MemoryProtection against use-after-free vulnerabilities

As of the July 2014 patch of Internet Explorer, Microsoft has taken a major step in the evolution of exploit mitigations built into its browser. The new mitigation technology is called MemoryProtection (or MemProtect, for short) and has been shown to be quite effective against a range of use-after-free (UAF) vulnerabilities. Not all UAFs are equally affected, however. Here we’ll discuss what MemoryProtection is and how it operates, and evaluate its effectiveness against various types of UAFs.

Labels: IE| MemoryProtection| UAF| ZDI

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities but it could have been stealthier. A bug was exploited in flash to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.