Writable .rdata section
ID PE117 Level WARNING Category Security
Description
The executable contains the .rdata section which is marked writable.
This section is typically dedicated to read-only data and thus should be placed to read-only memory.
Having a writable .rdata section may make it easier for an attacker to exploit memory corruption vulnerabilities.
Mitigation
- Make sure you are not merging sections with different memory access attributes.
- Do not explicitly change memory attributes. If doing so, do not mark the
.rdatasection writable.
If using Visual C++:
- Look for the
/SECTIONoption in the linker command line or the corresponding#pragma sectiondeclarations in the code.
Arguments
This rule has no output arguments.
Loading...
Unable to load this documentation page.