CAPEC-679
Exploitation of Improperly Configured or Implemented Memory Protections
Description
An adversary takes advantage of missing or incorrectly configured access control within memory to read/write data or inject malicious code into said memory.
Prerequisites
Access to the hardware being leveraged.
Mitigations
Ensure that protected and unprotected memory ranges are isolated and do not overlap.
If memory regions must overlap, leverage memory priority schemes if memory regions can overlap.
Ensure that original and mirrored memory regions apply the same protections.
Ensure immutable code or data is programmed into ROM or write-once memory.
Skills Required
[Medium] Ability to craft malicious code to inject into the memory region.
[High] Intricate knowledge of memory structures.