Starting with Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, Windows supports a new security enhancement called Data Execution Prevention (DEP). This feature prevents execution of program code in memory regions which normally do not contain any program code, such as the program stack, the process heap or data segments. Certain types of viruses or worms infect computers by provoking a buffer overrun in a vulnerable application to insert and execute their own, malicious code. With Data Execution Prevention (DEP) such attempts will be detected by the CPU and stopped by the operating system, thus ending a vulnerable application instead of allowing it to infect the computer with a virus or worm.