Security cookie value is not system default

ID PE015 Level ERROR Category Security

Description

The stack protection security cookie value is not the system default. When the value stored in the image is not the default, the loader does not replace it with a value taken from a secure random source, so the cookie may be predictable to an attacker. A predictable cookie makes stack-based vulnerabilities easier to exploit, because an attacker who overwrites the cookie with the expected value can take control of the execution flow when the function returns.

Default security cookie values:

  • for x86 targets: 0xbb40e64e or 0x0000bb40;
  • for x64 targets: 0x00002b992ddfa232.
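As an added example (not part of the rule's own checker), the following Python performs a PE015-style check: it follows the load config data directory to the SecurityCookie field, resolves that virtual address through the section table to the stored initial cookie value, and compares it against the defaults listed above. `build_sample_pe` is a constructed minimal image used only for demonstration; its layout (one section, load config at RVA 0x1000, cookie variable at RVA 0x1100) is an assumption, not compiler output.

```python
import struct
DEFAULT_COOKIES = {0x14C: {0xBB40E64E, 0x0000BB40}, 0x8664: {0x00002B992DDFA232}}  # x86, x64
LOAD_CONFIG_DIR = 10  # data directory index of IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG

def rva_to_offset(rva, sections):
    for va, raw_size, raw_ptr in sections:  # (VirtualAddress, SizeOfRawData, PointerToRawData)
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError("RVA 0x%x is not backed by file data" % rva)

def read_security_cookie(data):
    """Return (machine, initial __security_cookie value) stored in a PE file image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsec, _, _, _, opt_size = struct.unpack_from("<HHIIIH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: ImageBase at +28, directories at +96, 32-bit SecurityCookie at +0x3C
        base, dirs, off, fmt = struct.unpack_from("<I", data, opt + 28)[0], opt + 96, 0x3C, "<I"
    elif magic == 0x20B:  # PE32+: ImageBase at +24, directories at +112, 64-bit SecurityCookie at +0x58
        base, dirs, off, fmt = struct.unpack_from("<Q", data, opt + 24)[0], opt + 112, 0x58, "<Q"
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    lc_rva = struct.unpack_from("<I", data, dirs + LOAD_CONFIG_DIR * 8)[0]
    if lc_rva == 0:
        raise ValueError("no load config directory, so no security cookie to check")
    sections = [struct.unpack_from("<III", data, opt + opt_size + i * 40 + 12) for i in range(nsec)]
    cookie_va = struct.unpack_from(fmt, data, rva_to_offset(lc_rva, sections) + off)[0]
    return machine, struct.unpack_from(fmt, data, rva_to_offset(cookie_va - base, sections))[0]

def is_default_cookie(machine, value):
    # True when the loader will replace the stored value with a random one at load time.
    return value in DEFAULT_COOKIES.get(machine, set())

def build_sample_pe(x64, cookie):
    """Constructed minimal image: one section at RVA 0x1000 / offset 0x200, cookie at RVA 0x1100."""
    magic, fmt, base, dirs, off = ((0x20B, "<Q", 0x140000000, 112, 0x58) if x64
                                   else (0x10B, "<I", 0x400000, 96, 0x3C))
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into(fmt, opt, 24 if x64 else 28, base)
    struct.pack_into("<II", opt, dirs + LOAD_CONFIG_DIR * 8, 0x1000, off + 8)
    hdr = bytearray(0x3C) + struct.pack("<I", 0x40)  # DOS header with e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664 if x64 else 0x14C, 1, 0, 0, 0, len(opt), 0)
    hdr += opt + b".rdata\0\0" + struct.pack("<IIIIIIHHI", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0)
    sect = bytearray(0x200)
    struct.pack_into(fmt, sect, off, base + 0x1100)  # SecurityCookie field -> the variable's VA
    struct.pack_into(fmt, sect, 0x100, cookie)       # initial __security_cookie value
    return bytes(hdr.ljust(0x200, b"\0") + sect)
```

Running `read_security_cookie` over a real file's bytes and passing the result to `is_default_cookie` reproduces the rule's verdict; a False result is what PE015 reports.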

Mitigation

If using Visual C++:

  • Make sure you do not reference the __security_cookie or __security_cookie_complement symbols anywhere in the code.

Arguments

This rule has the following output arguments:

  • cookie_value - the security cookie value stored in the executable