Russian security outfit, Maxpatrol, have discovered a way to defeat Microsoft® Windows® XP SP2 Heap protection and Data Execution Prevention mechanism.
Data execution prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits. By default, software-enforced DEP only protects limited system binaries. Hardware-enforced DEP relies on processor hardware to mark memory with an attribute that indicates that code should not be executed from that memory.
Maxpatrol have published a full article on their discoveries. They claim that it's possible to achieve arbitrary write access to a memory region (of 1016 bytes or less), arbitrary code execution and a DEP bypass.
The company have also published a solution named PTmsHORP. PTmsHORP allows lookaside list creation to be restricted, governed by a special global flag. The company reported the problem to Microsoft on the 22nd December. We've contacted Microsoft about the problem and are awaiting a response.