Is that PDF so scary?

10 Sep 2010 Guido Landi aslr dep exploit pdf rop

- “it bypasses DEP and ASLR using impressive tricks and unusual methods” - Vupen

- “it uses a previously unpublished technique to bypass ASLR” - Metasploit Blog

- “exploit uses the ROP technique to bypass the ASLR and DEP” - ZDNet/Kaspersky

- “it’s so scary I ran away screaming” - anonymous

Is that PDF so scary? I don’t think so.

DEP is a hardware feature that prevents the execution of data. Obviously, it works as long as software sets the execution flag only on memory pages that contain code.
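The condition DEP depends on can be audited from a process's memory map. This added example (not from the original post) classifies lines in the Linux `/proc/<pid>/maps` format, an assumed input since the post names no OS, and flags executable mappings that are also writable or are not backed by a file; the sample listing and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { DEP_PARSE_ERROR = -1, DEP_OK, DEP_WX, DEP_EXEC_NO_FILE };

/* Constructed sample in /proc/<pid>/maps format (not taken from a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131090 /usr/bin/viewer\n"
    "0060a000-0060c000 rw-p 0000a000 08:01 131090 /usr/bin/viewer\n"
    "01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7f10a4000000-7f10a4001000 r-xp 00000000 00:00 0\n"
    "7ffd1b5fe000-7ffd1b600000 r-xp 00000000 00:00 0 [vdso]\n";

/* Classify one line: "start-end perms offset dev inode [path]". */
int dep_check_line(const char *line) {
    unsigned long start, end, offset, inode;
    char perms[5] = "", dev[16] = "", path[256] = "";
    int n = sscanf(line, "%lx-%lx %4s %lx %15s %lu %255[^\n]",
                   &start, &end, perms, &offset, dev, &inode, path);
    if (n < 6 || strlen(perms) != 4 || end <= start) return DEP_PARSE_ERROR;
    if (perms[2] != 'x') return DEP_OK;   /* data page: DEP blocks execution */
    if (perms[1] == 'w') return DEP_WX;   /* writable and executable at once */
    if (inode == 0 && strcmp(path, "[vdso]") != 0 && strcmp(path, "[vsyscall]") != 0)
        return DEP_EXEC_NO_FILE;          /* executable, but no code file behind it */
    return DEP_OK;
}

/* Count the lines of a newline-separated listing that produce a finding. */
int dep_count_findings(const char *listing) {
    char buf[512];
    int count = 0;
    while (*listing) {
        size_t len = strcspn(listing, "\n");
        size_t copy = len < sizeof buf - 1 ? len : sizeof buf - 1;
        memcpy(buf, listing, copy);
        buf[copy] = '\0';
        if (dep_check_line(buf) > 0) count++;
        listing += len + (listing[len] == '\n');
    }
    return count;
}

int main(void) {
    printf("findings in sample: %d\n", dep_count_findings(SAMPLE_MAPS));
    return 0;
}
```

A `DEP_EXEC_NO_FILE` result is a prompt for review rather than proof of a problem, since JIT compilers legitimately create such mappings.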