So much for enhanced security.
SearchSecurity reports that two security researchers have found a way that gets around all of the memory protection safe guards in Vista.
Speaking at Black Hat, Mark Dowd of IBM Internet Security Systems and Alexander Sotirov of VMware Inc will talk about new ways they found to bypass Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections, by using Java, ActiveX and .NET objects to load arbitrary content into web browsers. Apparently Internet Explorer is particularly vulnerable to the new techniques which take advantage of how web browsers handle active scripting and .NET objects to allow loading any code they wish - and executing it. Apparently the root of the flaw is that Microsoft software assumes that any .NET objects loaded are safe, and they can load arbitrary DLL's.