Microsoft Enhanced Mitigation Experience Toolkit (EMET) ROP Vulnerability Network Vulnerability

Summary

The host is installed with Microsoft Enhanced Mitigation Experience Toolkit (EMET) and is prone to return-oriented programming (ROP) vulnerability.

Impact

Successful exploitation will allow remote attackers to bypass ASLR protection mechanism via a return-oriented programming (ROP) attack. Impact Level: System

Solution

Upgrade to Microsoft Enhanced Mitigation Experience Toolkit (EMET) version 4.0 or later, For updates refer to http://support.microsoft.com/kb/2458544

Insight

The flaw is in the application which uses predictable addresses for hooked functions.

Affected

Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0

Detection

Get the installed version through the windows registry and check the version is vulnerable or not.

References

http://blogs.technet.com/b/srd/archive/2013/06/17/emet-4-0-now-available-for-download.aspx

Updated on 2017-03-28

Severity

Classification

CVE CVE-2013-6791

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Apple Mac OS X Denial of Service Vulnerability
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability

Take action and discover your vulnerabilities