Executable IAT directory
ID PE113 Level ERROR Category Security
Description
The executable has an IAT (import address table) directory which is placed to the executable section. This can make it easier for an attacker to exploit memory corruption vulnerabilities.
This directory should be placed to read-only or read-write memory.
Mitigation
- Make sure you are not merging sections with different memory access attributes.
- Do not explicitly change memory attributes. If doing so, do not mark a section with the IAT directory executable.
If using Visual C++:
- Look for the
/SECTIONoption in the linker command line or the corresponding#pragma sectiondeclarations in the code.
Arguments
This rule has the following output arguments:
-
section- Affected section name
Loading...
Unable to load this documentation page.