F-Secure and ASLR
As security researcher Didier Stevens explains(http://blog.didierstevens.com/2011/01/17/quickpost-it-does-no-harm-or-does-it/) some applications leave explorer.exe vulnerable by loading shell extensions that do not support ASLR, and the same with browsers(http://www.scriptjunkie.us/2011/06/bypassing-dep-aslr-in-browser-exploits-with-mcafee-symantec/). F-Secure 2011 also does this with explorer, firefox and internet explorer, same with the 2012 beta. Plus, not all F-Secure processes support ASLR and two of them not even DEP. Could this be fixed before 2012 stable release? p.s. I also noticed that FSIS loads fsscoepl.dll, described as Spam control plugin for Microsoft outlook express into explorer.exe iexplore.exe and firefox.exe. It seems a bit pointless to me to load a spam plugin for outlook express into these processes.
Comments
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!