Security cookie value is not system default
ID: PE015
Level: ERROR
Category: Security
Description
The stack protection security cookie value is not system default. This prevents the loader from replacing its value with a value from a secure random source, which may make it more predictable for an attacker. This makes it easier to exploit vulnerabilities by taking control of the execution flow when returning from a function call.
Default security cookie values:
- for x86 targets: 0xbb40e64e or 0x0000bb40;
- for x64 targets: 0x00002b992ddfa232.
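One way to perform this check by hand, as an added example (not the analysis tool's own implementation): follow the SecurityCookie pointer in the PE load configuration directory and compare the stored value with the defaults listed above. The function names and the sample image produced by build_sample are constructed for illustration, and the parser assumes the image has the usual 16 data directory entries.

```python
import struct

# Default cookie values from this page, keyed by optional-header magic (PE32, PE32+).
DEFAULTS = {0x10B: {0xBB40E64E, 0x0000BB40}, 0x20B: {0x00002B992DDFA232}}

def u(fmt, buf, pos):
    return struct.unpack_from(fmt, buf, pos)[0]

def nondefault_cookie(pe):
    """Return the on-disk cookie value if it is not a system default, else None."""
    nt = u("<I", pe, 0x3C)                                   # e_lfanew
    opt, magic = nt + 24, u("<H", pe, nt + 24)
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0" or magic not in DEFAULTS:
        raise ValueError("not a PE32/PE32+ image")
    pe64 = magic == 0x20B
    ptr, width = ("<Q", 8) if pe64 else ("<I", 4)
    base = u(ptr, pe, opt + (24 if pe64 else 28))            # ImageBase
    sec0 = opt + u("<H", pe, nt + 20)                        # first section header
    secs = [struct.unpack_from("<4I", pe, sec0 + 40 * i + 8) for i in range(u("<H", pe, nt + 6))]
    def to_off(rva):                                         # RVA -> file offset (raw data only)
        for _vsize, vaddr, rsize, raw in secs:
            if vaddr <= rva < vaddr + rsize:
                return raw + rva - vaddr
        raise ValueError("RVA outside section raw data")
    cfg_rva = u("<I", pe, opt + (112 if pe64 else 96) + 8 * 10)  # data directory 10: load config
    field = 88 if pe64 else 60                               # offset of the SecurityCookie field
    if not cfg_rva or u("<I", pe, to_off(cfg_rva)) < field + width:
        return None                                          # no load config or no cookie field
    cookie_va = u(ptr, pe, to_off(cfg_rva) + field)          # a virtual address, not an RVA
    if not cookie_va:
        return None
    value = u(ptr, pe, to_off(cookie_va - base))
    return None if value in DEFAULTS[magic] else value

def build_sample(cookie, pe64=True):
    """Constructed minimal image: headers plus one section with load config and cookie."""
    ptr, opt_size, base, machine = ("<Q", 240, 0x140000000, 0x8664) if pe64 else ("<I", 224, 0x400000, 0x14C)
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)                              # e_lfanew
    struct.pack_into("<HHIIIHH", img, 0x44, machine, 1, 0, 0, 0, opt_size, 0)  # COFF header
    struct.pack_into("<H", img, 0x58, 0x20B if pe64 else 0x10B)          # Magic
    struct.pack_into(ptr, img, 0x58 + (24 if pe64 else 28), base)        # ImageBase
    struct.pack_into("<I", img, 0x58 + (112 if pe64 else 96) + 80, 0x1000)  # load config RVA
    struct.pack_into("<4I", img, 0x58 + opt_size + 8, 0x200, 0x1000, 0x200, 0x200)  # section
    struct.pack_into("<I", img, 0x200, 0x100)                            # load config Size
    struct.pack_into(ptr, img, 0x200 + (88 if pe64 else 60), base + 0x1100)  # SecurityCookie VA
    struct.pack_into(ptr, img, 0x300, cookie)                            # the cookie itself
    return bytes(img)
```

A non-None result corresponds to the cookie_value output argument of this rule.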
Mitigation
If using Visual C++:
- Make sure you do not reference the __security_cookie or __security_cookie_complement symbols anywhere in the code.
Arguments
This rule has the following output arguments:
- cookie_value - Security cookie value used in the executable