A Russian security outfit claims to have worked a way around Microsoft’s Windows XP Service Pack 2.Moscow-based MaxPatrol said two holes allow a hacker to sidestep the protection in SP2.
It is all to do with the SP2 measure, known as Data Execution Protection, which is intended to prevent attackers from inserting rogue code into a PC’s memory and tricking Windows into running the program.
But Positive Technology said that using the exploit it is possible to get arbitrary memory region write access (smaller or equal to 1016 bytes), Arbitrary code execution and a DEP bypass.
The company has come up with a temporary security measure called PTmsHORP. It can be downloaded here, while its advice to those with SP2 can be read here.
News source: The Inquirer