Full title: PAC Bypass Due To Unprotected Function Pointer Imports Exploit 
Category: dos / poc
Platform: windows
PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers (as well as some data pointers) at runtime. However, it seems that imports of function pointers from shared libraries in userspace are not properly protected by PAC, allowing an attacker to sign arbitrary pointers and thus bypass PAC.

# 0day.today @ http://0day.today/