Memory Corruption and Hacker Folklore
A while back I thought it would be nice if we had an authoritative source of memory corruption attacks (and mitigations) in a single document. I resisted mainly because it seemed like a lot of drudgery for something we have been able to do well without, it steers towards the word "taxonomy" [1], and I was a little lazy.

[1] Dave Aitel has posited that "people who thing (sic) of things as "Taxonomies" are always headed in the opposite direction from correct"

Late last year I ran some scripts (and waded) through OSVDB's database, to see if we could pull through some numbers on memory corruption bugs (through the ages) and their disclosure rate compared to other bugs. (There's actually a wealth of fiddling in these numbers too, that I'll get around to at some point.) I figured it would be nice to see a timeline of memory corruption exploitation techniques along with the mitigation steps introduced plotted alongside the bug counts (but still lacked the real mo...