Hacker Bypasses Windows 7/8 Address Space Layout Randomization

hypnosec writes "Microsoft upped its security ante with Address Space Layout Randomization (ASLR) in Windows 7 and Windows 8, but it seems this mechanism to prevent hackers from jumping to a known memory location can be bypassed. A hacker has released a brilliant, yet simple trick to circumvent this protection. KingCope, a hacker who released several exploits targeting MySQL in December, has detailed a mechanism through which the ASLR of Windows 7, Windows 8 and probably other operating systems can be bypassed to load a DLL file with malicious instructions to a known address space."

Re:the only thing Microsoft and others can do is..

[bigstrat2003]

I'm sure they're aware of that, as is anyone with a shred of knowledge about computer security (or hell, security in general). What is your point?

ASLR is not so easy to bypass

[r00t]

You're right that it boils down to just looking up the address, but see, this is a chicken-and-egg problem. You're wanting to determine addresses so you can run code, but you must run code in order to look up addresses!

You might as well say that it is easy to get a dinosaur and a dinosaur egg. To get the dinosaur, just wait for a dinosaur egg to hatch. To get the dinosaur egg, just wait for a dinosaur to lay one. Problem solved, right???