Memory randomization as application security enhancement?

Backend · Unresolved · 3 · 633
余生分开走
余生分开走 2020-12-10 18:09

I recently came upon a Microsoft article that touted new "defensive enhancements" of Windows 7. Specifically:

  • Address space layout randomization (ASLR)
3 answers
  • 暗喜 (OP)
    2020-12-10 18:36

    By randomizing the stack you make vanilla buffer overflow attacks like Aleph One's Smashing the Stack for Fun and Profit impossible. The reason why is because the attack is relying on placing a small amount of executable code called shellcode into a predictable location in memory. The function stack frame is corrupted and its return address overwritten with a value that the attacker chooses. When the corrupted function returns, the flow of execution moves to the attacker's shellcode. Traditionally this memory address is so predictable that it would be identical on all machines that are running the same version of the software.

    Despite the advanced memory protection implemented on Windows 7, remote code execution is still possible. Recently at CanSecWest a machine running Windows 7 and IE 8 was hacked within seconds. Here is a technical description of a modern memory corruption attack utilizing a dangling pointer in conjunction with a heap overflow.
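The following C program is an added example for this thread, not code from the answer above or from Aleph One's paper. It models the payload layout the answer describes (NOP sled, shellcode, overwritten return address pointing back into the sled) and then measures how often a payload built for a guessed buffer address still lands in the sled when the stack is fixed versus when it is randomized. The victim's frame is simulated in an array, so nothing is actually overflowed or executed. The frame layout (512-byte buffer, 8-byte saved frame pointer, 8-byte return address), the 46-byte placeholder shellcode, the 16-byte alignment step, the base address and the "13 bits of entropy" figure are all assumptions chosen to illustrate the argument, not measurements of Windows 7 or any other system.

```c
/*
 * Model of the Aleph One "smashing the stack" payload and of what stack
 * randomization does to it. Added example for this thread, not code from the
 * original post. The victim's stack frame is simulated in an array, so nothing
 * is actually exploited; the frame layout, the placeholder shellcode bytes and
 * the entropy figures are assumptions chosen to illustrate the argument.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BUF_SIZE      512                 /* victim's stack buffer, as in Aleph One's example */
#define RET_OFFSET    (BUF_SIZE + 8)      /* assumed: buffer, then 8-byte saved frame pointer, then return address */
#define PAYLOAD_LEN   (RET_OFFSET + 8)    /* long enough to overwrite the 8-byte return address */
#define SHELLCODE_LEN 46                  /* length of the classic execve("/bin/sh") stub (bytes are placeholders here) */
#define SLED_LEN      (RET_OFFSET - SHELLCODE_LEN)
#define NOP           0x90
#define ALIGN         16                  /* assumed stack alignment; randomization moves the frame in 16-byte steps */

/* Attacker side. Build [NOP sled][shellcode][return address], where the return
 * address points into the middle of the sled at the address the attacker
 * *guesses* the buffer will have in the victim process. */
size_t build_payload(uint8_t out[PAYLOAD_LEN], uintptr_t guessed_buf_addr)
{
    memset(out, NOP, SLED_LEN);                       /* sled: any landing point slides into the shellcode */
    memset(out + SLED_LEN, 0xCC, SHELLCODE_LEN);      /* placeholder for shellcode (int3, never executed) */
    uint64_t target = (uint64_t)guessed_buf_addr + SLED_LEN / 2;
    memcpy(out + RET_OFFSET, &target, sizeof target); /* this slot lands on the saved return address */
    return PAYLOAD_LEN;
}

/* Victim side, simulated. The frame holds the buffer, saved frame pointer and
 * the legitimate return address; the unchecked copy runs past the buffer and
 * replaces that return address. Returns where control would go on "return". */
uintptr_t hijacked_return_address(const uint8_t *payload, size_t len)
{
    uint8_t frame[PAYLOAD_LEN];
    uint64_t legit_ret = 0x401234;                    /* assumed address of the caller */
    memset(frame, 0, sizeof frame);
    memcpy(frame + RET_OFFSET, &legit_ret, sizeof legit_ret);
    memcpy(frame, payload, len);                      /* the vulnerable strcpy(), modelled: no bounds check */
    uint64_t ret;
    memcpy(&ret, frame + RET_OFFSET, sizeof ret);
    return (uintptr_t)ret;
}

/* The attack works only if the hijacked return address lands inside the sled
 * as it actually sits in memory, i.e. relative to the buffer's real address. */
int sled_hit(uintptr_t ret, uintptr_t real_buf_addr)
{
    return ret >= real_buf_addr && ret < real_buf_addr + SLED_LEN;
}

/* Fraction of runs in which a payload built for `guess` succeeds when the real
 * buffer address is base + r*ALIGN for r uniform in [0, 2^entropy_bits).
 * entropy_bits == 0 models a non-randomized stack: every run is identical. */
double success_rate(uintptr_t guess, uintptr_t base, unsigned entropy_bits)
{
    uint8_t payload[PAYLOAD_LEN];
    size_t len = build_payload(payload, guess);
    uintptr_t ret = hijacked_return_address(payload, len);   /* fixed by the payload, not by the victim */
    uint64_t slots = (uint64_t)1 << entropy_bits, hits = 0;
    for (uint64_t r = 0; r < slots; r++)
        hits += sled_hit(ret, base + (uintptr_t)(r * ALIGN));
    return (double)hits / (double)slots;
}

int main(void)
{
    uintptr_t base = 0x7ffc0000;   /* assumed lowest address the buffer can have */
    printf("no randomization, exact guess:      %.4f\n", success_rate(base, base, 0));
    printf("no randomization, guess off by 64:  %.4f\n", success_rate(base + 64, base, 0));
    printf("no randomization, guess off by 512: %.4f\n", success_rate(base + 512, base, 0));
    printf("13 bits of stack entropy:           %.4f\n", success_rate(base, base, 13));
    return 0;
}
```

With a fixed stack the exploit succeeds on every run, and the sled even absorbs a guess that is off by a few dozen bytes, which is exactly why the sled exists. Once the frame can start at any of 2^13 aligned positions, only the handful of positions within half a sled of the guess still work, so the per-attempt success rate collapses to a fraction of a percent. The numbers depend entirely on the assumed sled length and entropy; the caveat a practitioner would add is that a low per-attempt rate still matters for a target that is restarted after every crash, since the attacker can simply retry.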
