pl
en
CORE-2009-0803 advisory from Core Security Technology describes very interesting vulnerability in memory protection scheme enforced by Virtual PC hypervisor. This bug enables userland applications to access kernel memory. It is quite interesting to note – that just like recent VDM issue – this operating system / hypervisor level vulnerability brakes all security mechanism. By exploiting this issue attacker is able to bypass DEP or SafeSEH for example and therefore good old classic buffer overflows are exploitable too even on platforms that have protection against such attacks like Windows XP SP3.
The one positive thing in this story is a fact that there are still people who can find interesting vulnerabilities other than XSS.