Informative Information for the Uninformed
In the interest of not presenting a problem without a solution, the authors have devised a few different approaches that Microsoft might take to solve this issue. Before identifying the solution, it is important to summarize the root of the problem. In this case, the authors feel that the problem at hand is rooted in a design flaw in the way the unhandled exception filter "chain" is maintained. In particular, the "chain" management is implicit: it hinges on each component registering and deregistering its unhandled exception filter symmetrically. To solve this design problem, some mechanism must be put in place that eliminates the symmetry requirement. Alternatively, the symmetry requirement could be retained so long as something ensured that operations never occurred out of order. The authors feel that this latter approach is more complicated and potentially not feasible. The following sections describe a few different approaches that might be used or considered to solve this issue.
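To make the implicit "chain" concrete, the following is an added simulation (not code from the paper, and not the Windows implementation) of how the value returned by SetUnhandledExceptionFilter is the only record of the previous filter; the two components, their filters and sim_SetUnhandledExceptionFilter are assumptions standing in for the real API. It shows that a nested unload order restores the default handler, while an out-of-order unload first drops one filter silently and then leaves a stale pointer into an unloaded component installed as the top filter.

```c
#include <stdio.h>
#include <stddef.h>

/* Model of the process-wide "top" unhandled exception filter (assumption:
 * stand-in for the real Windows pointer). The API swaps the pointer and
 * returns the previous value; that returned value is the only "chain". */
typedef long (*filter_t)(void *exception_info);

static filter_t g_top_filter = NULL;   /* NULL models the default handler */

static filter_t sim_SetUnhandledExceptionFilter(filter_t new_filter) {
    filter_t previous = g_top_filter;
    g_top_filter = new_filter;
    return previous;
}

/* Two hypothetical components, e.g. a DLL and a crash-reporting library. */
static long filter_a(void *info) { (void)info; return 0; }
static long filter_b(void *info) { (void)info; return 0; }

/* Each component saves the previous filter on load and restores it on
 * unload: the symmetric protocol the chain silently depends on. */
static filter_t a_saved, b_saved;
static void a_load(void)   { a_saved = sim_SetUnhandledExceptionFilter(filter_a); }
static void a_unload(void) { sim_SetUnhandledExceptionFilter(a_saved); }
static void b_load(void)   { b_saved = sim_SetUnhandledExceptionFilter(filter_b); }
static void b_unload(void) { sim_SetUnhandledExceptionFilter(b_saved); }

/* Nested (LIFO) order: the chain unwinds cleanly back to the default. */
filter_t run_in_order(void) {
    g_top_filter = NULL;
    a_load(); b_load(); b_unload(); a_unload();
    return g_top_filter;               /* NULL: default handler restored */
}

/* A unloads while B is still installed: A restores "default", so B's
 * filter is silently dropped from the chain. */
filter_t top_after_early_a_unload(void) {
    g_top_filter = NULL;
    a_load(); b_load(); a_unload();
    return g_top_filter;               /* NULL: filter_b is gone */
}

/* ...and when B later unloads it restores filter_a, which belongs to a
 * component that has already been unloaded: a stale top filter. */
filter_t run_out_of_order(void) {
    g_top_filter = NULL;
    a_load(); b_load(); a_unload(); b_unload();
    return g_top_filter;               /* filter_a: dangling */
}

int main(void) {
    printf("in order restores default: %s\n", run_in_order() == NULL ? "yes" : "no");
    printf("out of order leaves stale filter_a: %s\n", run_out_of_order() == filter_a ? "yes" : "no");
    return 0;
}
```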
Aside from architecting a more robust implementation, this attack vector may also be mitigated through conventional exploitation counter-measures, such as NX and ASLR.