Executable import directory
ID PE095 Level ERROR Category Security
Description
The executable has an import directory which is placed to the executable section. This can make it easier for an attacker to exploit memory corruption vulnerabilities.
This directory should be placed to read-only memory.
Mitigation
- Make sure you are not merging sections with different memory access attributes.
- Do not explicitly change memory attributes. If doing so, do not mark a section with the import directory executable.
If using Visual C++:
- Look for the
/SECTIONoption in the linker command line or the corresponding#pragma sectiondeclarations in the code.
Arguments
This rule has the following output arguments:
-
section- Affected section name
Loading...
Unable to load this documentation page.