Event 1048 - DEP/NX Crash Recovery
Applies To: Windows 7, Windows Vista
By default, the Data Execution Prevention/No Execute (DEP/NX) option in Windows® Internet Explorer® 8 prevents code from running in non-executable memory on Windows® Server® 2008 and Windows Vista® with Service Pack 1 (SP1) and later operating systems. The DEP/NX option appears in the user interface of Internet Explorer 8 as "Enable memory protection to mitigate online attacks" on the Advanced tab in the Internet Options dialog box. When a violation occurs, the browser stops responding instead of running the malicious code. This option is enabled by default.
DEP/NX helps to foil attacks by preventing code from running in memory that is marked non-executable. DEP/NX, combined with other technologies like Address Space Layout Randomization (ASLR), makes it harder for attackers to exploit certain types of memory-related vulnerabilities like buffer overruns.
When Is This Event Logged?
This event is logged after Internet Explorer 8 has recovered from a crash caused by DEP/NX. Typically, DEP/NX failures occur due to attempts to exploit the browser or its add-ons. However, it is also possible that a browser add-on is not compatible with DEP/NX, and so failures can occur even without malicious content. If an incompatible add-on is found, contact the add-on developer for an updated version.
If a process running a particular Web page crashes, then Internet Explorer automatically captures information about the crash and recovers the process, including logging the following information:
For more information about the exception codes and flags of the EXCEPTION_RECORD Structure, see EXCEPTION_RECORD Structure. For more information and examples of this event, see the Event 1048-DEP/NX Crash Recovery topic from Internet Explorer Application Compatibility.
There is no workaround for this security feature compatibility issue. You should use the information that is included in the log file to isolate the cause of and the solution for the crash.
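As an aid to reading the logged crash details, the following added example (not Microsoft's code) classifies an exception record as a DEP/NX violation or an ordinary access violation. It assumes the logged details carry the exception code and parameters described in the EXCEPTION_RECORD reference; the type name crash_record and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STATUS_ACCESS_VIOLATION 0xC0000005u /* ExceptionCode for an access violation */

/* Portable mirror of the EXCEPTION_RECORD fields used for triage.
   "crash_record" is a hypothetical name; the real type lives in <winnt.h>. */
typedef struct {
    uint32_t code;        /* ExceptionCode */
    uint32_t flags;       /* ExceptionFlags */
    uint64_t address;     /* ExceptionAddress: instruction that faulted */
    uint32_t num_params;  /* NumberParameters */
    uint64_t info[2];     /* ExceptionInformation[0] = access type, [1] = target address */
} crash_record;

typedef enum { NOT_ACCESS_VIOLATION, DATA_READ, DATA_WRITE, DEP_VIOLATION, UNKNOWN_ACCESS } crash_kind;

/* For access violations, ExceptionInformation[0] is 0 (read), 1 (write)
   or 8 (user-mode DEP violation: execution of non-executable memory). */
crash_kind classify(const crash_record *r) {
    if (r->code != STATUS_ACCESS_VIOLATION) return NOT_ACCESS_VIOLATION;
    if (r->num_params < 2) return UNKNOWN_ACCESS;   /* record lacks the detail */
    switch (r->info[0]) {
        case 0:  return DATA_READ;
        case 1:  return DATA_WRITE;
        case 8:  return DEP_VIOLATION;
        default: return UNKNOWN_ACCESS;
    }
}

/* Constructed sample records; none of these values come from a real log. */
static const crash_record SAMPLE_DEP   = {STATUS_ACCESS_VIOLATION, 0, 0x0A0B0000u, 2, {8, 0x0A0B0000u}};
static const crash_record SAMPLE_READ  = {STATUS_ACCESS_VIOLATION, 0, 0x6F001234u, 2, {0, 0x00000010u}};
static const crash_record SAMPLE_OTHER = {0xC00000FDu, 0, 0x6F004321u, 0, {0, 0}}; /* stack overflow code */

int main(void) {
    static const char *names[] = {"not an access violation", "data read fault",
                                  "data write fault", "DEP/NX violation", "unknown access type"};
    const crash_record *samples[] = {&SAMPLE_DEP, &SAMPLE_READ, &SAMPLE_OTHER};
    for (int i = 0; i < 3; i++) {
        const crash_record *r = samples[i];
        printf("code=0x%08X at 0x%08llX: %s\n", (unsigned)r->code,
               (unsigned long long)r->address, names[classify(r)]);
    }
    return 0;
}
```

In the DEP/NX sample the faulting instruction address and the target address are the same, because the blocked access was the instruction fetch itself.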