Hi malware fighters,
Exception pointers can aid people to remotely control your box (worst scenario). Most NULL pointer holes were patched with SP2, but not all possibilities were fully blocked. For the uninformed, IE can still be exploited in such a way; see this link:
http://blog.metasploit.com/2006/08/putting-fun-in-browser-fun.html
No matter where the interrupt-vector table sits in memory, it is an exploitable weakness if it isn’t write-protected: You just set a pointer to whatever you like and off you go. In C, this is easily done with either a cast or pointer arithmetic, and if you have access to assembly language, it is even easier.
The only place where a 0-based vector table is slightly worse than at other locations is if the miscreant can’t write code. In this case, he might be able to exploit a buggy program that in special cases writes through a null pointer.
In any case, the fault is not really in having the vector table at any specific address but allowing writes to it from code that a user can run.
Also, if you are worried about null-pointer exploits, simply avoid null pointers. Many languages do not allow null pointers or pointer arithmetic at all (and this is checked at compile-time), so use one such. If you really need null pointers, make sure to check before every de-reference of a pointer that can be null (and make the compiler enforce this).
polonus
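
The argument in the post above, as an added example that is not part of the original post: a toy C model of a machine whose vector table can sit at address 0 or elsewhere, showing which of relocation, write-protection and a null check keeps the table intact. The `machine` struct, the `store` gate and all function names and values are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#define MEM_WORDS   64   /* toy address space, addressed in words */
#define VEC_ENTRIES 8    /* entries in the toy vector table */
#define NULL_ADDR   0u   /* "null" in the toy address space */

struct machine {
    uint32_t mem[MEM_WORDS];
    size_t   vec_base;        /* where the vector table sits */
    int      write_protected; /* 1 = stores into the table fault */
};

/* All stores pass through this check, as an MMU would. 0 = ok, -1 = fault. */
static int store(struct machine *m, size_t addr, uint32_t val) {
    if (addr >= MEM_WORDS) return -1;
    if (m->write_protected && addr >= m->vec_base && addr < m->vec_base + VEC_ENTRIES)
        return -1;
    m->mem[addr] = val;
    return 0;
}

/* Fill the table with known handler values, apply one store, report integrity. */
static int table_survives(size_t vec_base, int wp, size_t addr) {
    struct machine m = { .vec_base = vec_base, .write_protected = wp };
    for (size_t i = 0; i < VEC_ENTRIES; i++) m.mem[vec_base + i] = 0x1000u + (uint32_t)i;
    store(&m, addr, 0xBADu);
    for (size_t i = 0; i < VEC_ENTRIES; i++)
        if (m.mem[vec_base + i] != 0x1000u + (uint32_t)i) return 0;
    return 1;
}

/* Buggy program: writes field 3 of a record that is null; `checked` adds the null test. */
int survives_null_write(size_t vec_base, int wp, int checked) {
    size_t rec = NULL_ADDR;
    if (checked && rec == NULL_ADDR) return 1;   /* write refused: table untouched */
    return table_survives(vec_base, wp, rec + 3);
}

/* Code that can name any address (a cast or pointer arithmetic in real C). */
int survives_direct_write(size_t vec_base, int wp) {
    return table_survives(vec_base, wp, vec_base + 3);
}

int main(void) {
    printf("null bug: table@0 %d, table@32 %d; direct write @32: open %d, protected %d\n",
           survives_null_write(0, 0, 0), survives_null_write(32, 0, 0),
           survives_direct_write(32, 0), survives_direct_write(32, 1));
    return 0;
}
```

Moving the table only defeats the accidental null write; the direct write still lands unless the table is write-protected.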