Vulnerability Note VU#458153
Video drivers may fail to support Address Space Layout Randomization (ASLR)
Some video drivers fail to support ASLR in Microsoft EMET "Always on" mode, which can limit the amount that such a system can be secured.
ASLR, when combined with DEP (Data Execution Prevention) can be an effective mitigation against exploitation of vulnerabilities. For more information about DEP and ASLR on Microsoft Windows platforms, see the Microsoft Security Research & Defense blog entry: On the effectiveness of DEP and ASLR. Microsoft has released a tool called EMET (Exploit Mitigation Experience Toolkit) to enforce DEP, ASLR, and other exploit mitigation features for Windows systems on an application-specific and a system-wide basis. DEP and ASLR features are available on other operating systems as well.
Some video drivers are not compatible with the Microsoft EMET "Always on" mode for ASLR. Enabling "Always on" ASLR on a system with incompatible video drivers may result in a system crash (kernel panic, or BSOD).
Systems with incompatible video drivers cannot be secured as well as those with ASLR-compatible drivers. Enabling system-wide DEP and ASLR can make exploitation of vulnerabilities more difficult.
Apply an update
Use standard VGA drivers
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AMD||Affected||16 Feb 2012||29 Jun 2012|
|ATI Technologies||Affected||-||05 Jun 2012|
|Intel Corporation||Not Affected||01 Jun 2012||05 Jun 2012|
|NVIDIA||Not Affected||01 Jun 2012||05 Jun 2012|
CVSS Metrics (Learn More)
This document was written by Will Dormann.
- CVE IDs: Unknown
- Date Public: 02 Sep 2010
- Date First Published: 06 Jun 2012
- Date Last Updated: 23 Jul 2012
- Document Revision: 57
If you have feedback, comments, or additional information about this vulnerability, please send us email.