Long ago, most assumed more memory safety errors were not exploitable vulnerabilities than actually were. At some point, mitigations deployed in many systems turned the tide: most now assume more safety errors are exploitable vulnerabilities than actually are.
-
-
MS advisories pretty much as a rule describe all memory corruption issues as RCE, supporting your point.
-
claiming a memory safety error is unexploitable is like claiming you are the smartest person in the room. you're very likely wrong.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
For example, I think not even Microsoft argue that CFG makes vulns unexploitable, but many people still consider it useful, arguing it forces you to jump through significant hoops.