In a presentation yesterday, a McAfee representative stated that security experts thus far have not found a way to modify the “Operation Aurora” zero-day exploit of IE to overcome the defense represented by the combination of Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP). DEP alone is not sufficient. DEP is available in XP, but ASLR is not (from Microsoft). ASLR is available in Windows 7.
Quoting Wikipedia:
Operation Aurora was a cyber attack conducted in mid-December 2009 and continuing into early January 2010. The attack was publicly disclosed by Google on January 12 in a blog post. In the blog post, Google said the attack originated in China. The attack was aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman and Dow Chemical were also among the targets.
By some counts, there were 34 firms affected. The Intellectual Property (IP) in each case was different. For example, it appears that a large amount of IP from an oil company was taken by the Chinese during this period. The property in question was bidding data on oil leases off the coast of Africa. The competition is China National Offshore Oil Corporation (CNOOC).