RWX section is present
ID PE010 Level CRITICAL Category Security
Description
An RWX (readable, writable, executable) section is present in the executable. A section which is marked readable, writable and executable at the same time makes vulnerability exploitation much easier, allowing an attacker to write the data to memory and execute it straightaway.
Mitigation
- Make sure you are not merging sections with different memory access attributes.
- Do not explicitly change memory attributes. If doing so, do not mark any sections writable and executable at the same time.
If using Visual C++:
- Look for the
/SECTIONoption in the linker command line or the corresponding#pragma sectiondeclarations in the code.
Arguments
This rule has the following output arguments:
-
section_name- Affected section name
Loading...
Unable to load this documentation page.