Seems this forum needs an expert malware analyst of some sort haha. Anyway, if anyone knows of more of these types of exploits, I'd really appreciate it if you could post links. In particular, I'd like to see some exploits that can bypass default-deny anti-execution mechanisms. The ones which spontaneously download and run a PE executable are boring - as you can see, the Excel exploit was blocked by everything I tested it against.
I recently read a claim that SRP can be bypassed if executable code is run from within the Excel/Adobe/etc file. This is because SRP white-lists the Excel/Adobe/etc program to run, and therefore allows any code to run from within this program area. I would really like to get my hands on a POC like this (I'm not sure if even Didier Stevens' POC works in a Limited User Account, since it attempts to modify a DLL file in the C:\Windows directory). EP_X0FF, perhaps you could create such a POC as described here by Didier Stevens:
http://blog.didierstevens.com/2008/06/2 ... trictions/
Apparently, AppLocker is able to block such exploits, since it operates at kernel level. Unfortunately, AppLocker is only available in the Ultimate version of Windows 7, and Microsoft are only supporting this version until 2015 (they are supporting the Home Premium and Professional versions until 2020).
Personally, even these exploits don't impact me, since I always open any newly introduced file sandboxed with Sandboxie, 32-bit. But it'd be amazing to get hold of a POC that can bypass SRP or other default-deny anti-execution software (e.g. ProcessGuard, Faronics Anti-Executable, and even Classical HIPS). If someone could design such a POC so that it's easy to execute, I'd be very interested to test it, and it'd be a great breakthrough in publicly available exploits.