Writable bound import directory
ID PE110 Level WARNING Category Security
Description
The executable has a bound import directory which is placed to the writable section. This can make it easier for an attacker to exploit memory corruption vulnerabilities.
This directory should be placed to read-only memory.
Mitigation
- Make sure you are not merging sections with different memory access attributes.
- Do not explicitly change memory attributes. If doing so, do not mark a section with the bound import directory writable.
If using Visual C++:
- Look for the
/SECTIONoption in the linker command line or the corresponding#pragma sectiondeclarations in the code.
Arguments
This rule has the following output arguments:
-
section- Affected section name
Loading...
Unable to load this documentation page.