Exploit Prevention, Quo Vadis?

  • László Erdődi
  • Audun Jøsang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)


Exploits are advanced threats that take advantage of vulnerabilities in IT infrastructures. The technological background of exploits has changed over the years. Several significant protections have been introduced (e.g. Data Execution Prevention, the Enhanced Mitigation Experience Toolkit), but attackers have always found effective ways to bypass each of them. This study summarizes the main software vulnerability exploitation methods together with the corresponding protections. Furthermore, it analyzes the capabilities and the predicted future of software exploitation in the light of the new protection technologies.


Keywords

Exploits · Prevention · Vulnerability · Control-flow Protection
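The abstract names control-flow protection as one of the mitigations that attackers keep bypassing. The following is an added example, not code from the paper or its authors: a minimal software model in C of a Control Flow Guard style indirect-call check. The table of valid targets (CFG itself uses a per-process bitmap indexed by address), the handler names `greet` and `privileged_op`, and the one-byte gadget offset are assumptions made for illustration. It shows the check stopping a call into the middle of a function, and also why a coarse-grained check is not enough: a pointer redirected to a different, legitimate entry point passes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Type of the callbacks that the program dispatches through a function pointer. */
typedef int (*handler_fn)(const char *);

/* Two legitimate indirect-call targets (assumed names, for illustration only). */
static int greet(const char *s) { return (int)strlen(s); }
static int privileged_op(const char *s) { (void)s; return -1; }

/* CFG records valid call targets in a bitmap indexed by address.
 * A small table stands in for that bitmap here (an assumption for portability). */
#define MAX_TARGETS 8
static handler_fn valid_targets[MAX_TARGETS];
static size_t n_valid;

/* Result returned when the guard rejects a target instead of calling it. */
#define CFG_BLOCKED (-1000)

/* Register every function that may legitimately be called indirectly.
 * Resets the table first so it is safe to call more than once. */
void cfg_init(void) {
    n_valid = 0;
    valid_targets[n_valid++] = greet;
    valid_targets[n_valid++] = privileged_op;
}

/* The guard check: accept only registered function entry points. */
bool cfg_check_icall(handler_fn target) {
    for (size_t i = 0; i < n_valid; i++)
        if (valid_targets[i] == target)
            return true;
    return false;
}

/* An indirect call site instrumented with the check, as a CFG-enabled
 * compiler would emit it just before the indirect call instruction. */
int guarded_dispatch(handler_fn target, const char *arg) {
    if (!cfg_check_icall(target))
        return CFG_BLOCKED;
    return target(arg);
}

/* Attacker scenario 1: the overwritten pointer aims one byte past a function
 * entry, i.e. into the function body (a ROP/JOP-style gadget, assumed offset).
 * It is not a registered entry point, so the guard blocks it. */
int scenario_gadget(void) {
    cfg_init();
    handler_fn gadget = (handler_fn)((uintptr_t)greet + 1);
    return guarded_dispatch(gadget, "payload");
}

/* Attacker scenario 2: the pointer is redirected to a different but
 * legitimate entry point. The coarse-grained check accepts it; this is the
 * gap that whole-function code-reuse attacks exploit. */
int scenario_counterfeit(void) {
    cfg_init();
    handler_fn hijacked = privileged_op;
    return guarded_dispatch(hijacked, "payload");
}

int main(void) {
    cfg_init();
    printf("benign call : %d\n", guarded_dispatch(greet, "hello"));
    printf("gadget call : %d\n", scenario_gadget());
    printf("counterfeit : %d\n", scenario_counterfeit());
    return 0;
}
```

The benign call returns the string length (5), the gadget call is refused with `CFG_BLOCKED`, and the counterfeit call reaches `privileged_op` unhindered because the check only asks "is this some valid entry point?", not "is this the entry point this call site was compiled to reach?". Finer-grained policies (per-call-site target sets, shadow stacks for returns) narrow that gap; the model above is deliberately the coarse one.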



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. University of Oslo, Oslo, Norway
