I can see why this is a bug, but I fail to see the real-life security implications because there is no privilege escalation. Can someone (maybe the author Malcolm Owen) enlighten us as to why this is tagged as a 'high severity' flaw?
My thoughts exactly. Why, for example, not change the file before running it? Maybe because executable files are checksummed by the OS and are not allowed to run when changed. When you change it on the fly this detection is circumvented, but it still doesn't escalate privileges, so what's the point? One thing I can think of is that it makes virus detection harder, because code that modifies other code is very difficult to detect (and catch in a pattern) and can change with ease ... (a two-pronged attack, so to say). Another observation is that this process of pushing the code out of active memory, by upending the memory pressure, is indeterministic and highly timing- and resource-dependent, and so will fail most of the time?