The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Mar. 25, 2014
Filed:
Dec. 02, 2010
Matthew R. Miller, Seattle, WA (US);
Kenneth D. Johnson, Bellevue, WA (US);
Timothy William Burrell, Prestbury, GB;
Matthew R. Miller, Seattle, WA (US);
Kenneth D. Johnson, Bellevue, WA (US);
Timothy William Burrell, Prestbury, GB;
Microsoft Corporation, Redmond, WA (US);
Abstract
The subject disclosure is directed towards preventing the exploitation by malicious code of object state corruption vulnerabilities, such as use-after-free vulnerabilities. An object class is configured with a secret cookie in a virtual function table of the object, e.g., inserted at compile time. An instrumentation check inserted in the program code evaluates the secret cookie to determine whether the object state has been corrupted before object access (e.g., a call to one of the object's methods) is allowed. If corrupted, access to the object is prevented by the instrumentation check. Another instrumentation check may be used to determine whether the object's virtual table pointer points to a location outside of the module that contains the legitimate virtual function table; if so, object access is prevented.