CVE-2013-6791 in Microsoft Enhanced Mitigation Experience Toolkit EMET
Summary
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Reservation
11/13/2013
Disclosure
11/29/2013
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 11333 | Microsoft Enhanced Mitigation Experience Toolkit EMET ASLR information disclosure | 200 | Proof-of-Concept | Official fix | CVE-2013-6791 |