I understand that obtaining code execution by stack buffer overflows was mitigated by DEP, which in turn led to SEH and ROP exploit techniques, etc.
However, I don't see how to exploit an executable simultaneously protected by "Control Flow Guard" and "Return Flow Guard", since those exploit mitigations guarantee that the target addresses of indirect calls (`call`) and return addresses (`ret`) are always benign, up to a possible granularity of 16 bytes.
Are there currently any general methods of exploiting "Control Flow Guard" and "Return Flow Guard", or are those mitigations so robust that it becomes almost "impossible" to exploit future application builds?
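To make the "16-byte granularity" part of the question concrete, here is an added example (not code from the original post, and not Microsoft's implementation) that simulates the Control Flow Guard check in plain C. Real CFG keeps a bitmap over the whole address space with bits per 16-byte chunk and has the compiler emit a check before every indirect call; this simulation replaces the bitmap with a small set of registered chunks (`valid_chunks`, an assumption of the example) and replaces the process kill with a return value so it can run as a normal program. The handler functions and `attacker_buffer` are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* Simulated CFG bitmap: instead of a bitmap covering the whole address space,
 * keep the set of 16-byte "chunks" (address >> 4) that hold a registered
 * indirect-call target. This mirrors the granularity the question mentions. */
#define MAX_TARGETS 16
static uintptr_t valid_chunks[MAX_TARGETS];
static int n_valid;

static uintptr_t chunk_of(uintptr_t addr) { return addr >> 4; }

/* Mark a function as a legitimate indirect-call target. In a CFG build the
 * linker does this for every address-taken function in the image. */
void cfg_register(void (*fn)(void)) {
    if (n_valid < MAX_TARGETS)
        valid_chunks[n_valid++] = chunk_of((uintptr_t)fn);
}

/* The check a CFG-instrumented binary performs before an indirect call:
 * 1 if the target's 16-byte chunk is marked valid, 0 otherwise. */
int cfg_check(uintptr_t target) {
    uintptr_t c = chunk_of(target);
    for (int i = 0; i < n_valid; i++)
        if (valid_chunks[i] == c) return 1;
    return 0;
}

/* Two legitimate targets; each records which one actually ran. */
static int last_called;
void handler_a(void) { last_called = 1; }
void handler_b(void) { last_called = 2; }

/* Stand-in for attacker-controlled memory (e.g. where shellcode would sit).
 * Constructed here as an inert data buffer; it is never executed. */
static char attacker_buffer[64];

/* Guarded indirect call. Returns 0 where CFG would have terminated the
 * process (check failed), otherwise the id of the handler that ran. */
int guarded_call(uintptr_t target) {
    last_called = 0;
    if (!cfg_check(target)) return 0;
    ((void (*)(void))target)();
    return last_called;
}

/* Three overwrites of a function pointer that originally held handler_a:
 * unchanged, pointed at attacker data, and pointed at another valid target.
 * Returns 0 if the results match what CFG's design predicts. */
int demo(void) {
    n_valid = 0;
    cfg_register(handler_a);
    cfg_register(handler_b);

    int r_legit     = guarded_call((uintptr_t)handler_a);      /* allowed   */
    int r_shellcode = guarded_call((uintptr_t)attacker_buffer); /* blocked   */
    int r_other     = guarded_call((uintptr_t)handler_b);      /* allowed!  */

    printf("original target: %d, attacker data: %d, other valid target: %d\n",
           r_legit, r_shellcode, r_other);
    return (r_legit == 1 && r_shellcode == 0 && r_other == 2) ? 0 : 1;
}

int main(void) { return demo(); }
```

The third case is the one worth noticing: the check only asks whether the target is *some* registered entry point, not whether it is the entry point this particular call site was supposed to reach, so redirecting a corrupted pointer to a different legitimate function passes. That is what "coarse-grained" means when applied to CFG, and it is the property any discussion of general bypasses starts from.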