Originally posted here by ammo
Correct me if I'm wrong, but I don't think W2K3 has the non-exec stack; it only was compiled with the StackGuard-like feature (/GS switch) of MS's compiler. At least the author of that paper doesn't mention either...
I think you're right. AFAIK it uses a canary (MS calls it a cookie) based protection.


Besides, you'll have to admit that writing an exploit for something compiled with this feature is much harder than just sending a bunch of NOOPs, jump and a piece of shell code...
Like I said, it'll prevent textbook buffer-overflows.


And with a non-exec stack and heap this becomes even more difficult...
Not really. Read Non-Stack overflows on Windows also by David Litchfield.
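To make the cookie point concrete, here is an added example (not code from the thread or from Microsoft) that models a /GS-style frame as a struct: a buffer, then the security cookie, then the saved return address. A textbook linear overrun that reaches the return address must pass through the cookie first, which the epilogue check catches; the cookie value and return address are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame in /GS order: buffer below the cookie, cookie below the
 * saved return address. (Real /GS also reorders locals; not modelled.) */
struct frame {
    char     buf[16];
    uint32_t cookie;     /* copy of the per-process security cookie */
    uint32_t saved_ret;  /* return address; constructed value below */
};

/* Constructed secret; real /GS derives it at process start. */
static const uint32_t SECURITY_COOKIE = 0xA5C3E71Fu;
static const uint32_t ORIGINAL_RET    = 0x00401000u;

/* Unchecked copy of untrusted input into the fixed buffer. A write longer
 * than 16 bytes spills into the cookie and then the return address. */
static struct frame run_frame(const char *input, size_t len)
{
    struct frame f;
    f.cookie = SECURITY_COOKIE;
    f.saved_ret = ORIGINAL_RET;
    memcpy((char *)&f, input, len < sizeof f ? len : sizeof f);
    return f;
}

/* The /GS epilogue check: 1 if the cookie is intact, 0 if corrupted. */
int gs_check_passes(const char *input, size_t len)
{
    return run_frame(input, len).cookie == SECURITY_COOKIE;
}

/* What the function would return to, had the check not fired. */
uint32_t resulting_ret(const char *input, size_t len)
{
    return run_frame(input, len).saved_ret;
}

int main(void)
{
    const char *ok  = "hello";                       /* 5 bytes, fits */
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAA";    /* 24 bytes, overruns */
    printf("short input: check=%d ret=0x%08x\n",
           gs_check_passes(ok, strlen(ok)), resulting_ret(ok, strlen(ok)));
    printf("long input:  check=%d ret=0x%08x\n",
           gs_check_passes(bad, strlen(bad)), resulting_ret(bad, strlen(bad)));
    return 0;
}
```

The long input reaches the return address, but the cookie was clobbered on the way, so the epilogue check fails before the corrupted return address is ever used.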