Heap Spraying

Heap spraying refers to the attempt to insert code into a predictable location in memory, using exploits for vulnerable browsers. "Heap" comes from heap-based memory allocation (also known as dynamic memory allocation), the memory a program requests and uses while it runs. "Spraying the heap" means inserting a sequence of bytes into the memory of a target process by creating large blocks on the process's heap and filling them with specific values. The spray itself corrupts nothing; it takes advantage of an existing memory corruption error in a type-unsafe application and allows the attacker to achieve arbitrary code execution.

Though heap spraying has been used since at least 2001, the method became popular in 2005 with the publication of several exploits involving the Internet Explorer web browser. It proved popular because it was easy for novice attackers to write new exploits, or copy previous ones, for the many vulnerabilities found in web browsers and browser plug-ins. When browsers are targeted, the spray is usually written in JavaScript. Microsoft Office has also been found to be vulnerable to heap spraying, so security experts recommend scanning all email passing through a server for malware hidden in Microsoft Office document attachments.

Solutions such as Nozzle, a runtime monitoring infrastructure that detects an attacker's attempts to spray the heap, have been developed to counter this technique. Antivirus software can also protect against heap spraying attacks, so keeping your antivirus software and browser up to date is essential.
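The defining signature of a sprayed heap, as described above, is a large share of the process's memory held in big blocks filled with the same few byte values. The following Python is an added example, not code from the original page or from the Nozzle project: it runs a simplified Nozzle-style heuristic over a constructed set of heap blocks (random-content blocks standing in for normal allocations, plus a few large blocks of one repeated filler byte standing in for sprayed ones) and reports the fraction of heap bytes that look sled-like. The thresholds and the `0x41` filler value are assumptions chosen for the example.

```python
"""Simplified Nozzle-style heap-spray heuristic over constructed heap blocks."""
import random
from collections import Counter

# Assumed tuning values for this example (not taken from Nozzle).
SLED_MIN_BLOCK = 4096          # ignore small allocations; sprays use large blocks
SLED_DOMINANT_FRACTION = 0.8   # one byte value dominates the block
SLED_MIN_RUN = 256             # and appears in at least one long contiguous run
ALERT_THRESHOLD = 0.5          # alert when this share of heap bytes is sled-like


def dominant_byte_fraction(block: bytes) -> float:
    """Share of the block occupied by its single most common byte value."""
    if not block:
        return 0.0
    _, count = Counter(block).most_common(1)[0]
    return count / len(block)


def longest_run(block: bytes) -> int:
    """Length of the longest run of one repeated byte value."""
    best = run = 0
    prev = None
    for b in block:
        run = run + 1 if b == prev else 1
        prev = b
        best = max(best, run)
    return best


def is_sled_like(block: bytes) -> bool:
    """A large block dominated by one byte value with a long run of it."""
    return (len(block) >= SLED_MIN_BLOCK
            and dominant_byte_fraction(block) >= SLED_DOMINANT_FRACTION
            and longest_run(block) >= SLED_MIN_RUN)


def sprayed_fraction(blocks) -> float:
    """Fraction of all heap bytes that sit in sled-like blocks."""
    total = sum(len(b) for b in blocks)
    if total == 0:
        return 0.0
    return sum(len(b) for b in blocks if is_sled_like(b)) / total


def heap_looks_sprayed(blocks) -> bool:
    """Global verdict: does enough of the heap look like a spray?"""
    return sprayed_fraction(blocks) >= ALERT_THRESHOLD


def make_benign_blocks(seed: int = 1):
    """Constructed stand-ins for normal allocations: varied random content."""
    rng = random.Random(seed)
    return [bytes(rng.randrange(256) for _ in range(size))
            for size in (512, 1024, 4096, 8192)]


def make_sprayed_blocks(count: int = 4, size: int = 65536):
    """Constructed stand-ins for sprayed blocks: one repeated filler byte each."""
    return [b"\x41" * size for _ in range(count)]


if __name__ == "__main__":
    benign = make_benign_blocks()
    heap = benign + make_sprayed_blocks()
    print("benign heap sprayed fraction:", round(sprayed_fraction(benign), 3))
    print("mixed heap sprayed fraction:", round(sprayed_fraction(heap), 3))
    print("alert on mixed heap:", heap_looks_sprayed(heap))
```

The heuristic deliberately measures the whole heap rather than single blocks, because one large uniform buffer (a zeroed image bitmap, for instance) is normal and would be a false positive on its own; it is the share of the heap that matters. Even so, a program that legitimately allocates many large zero-filled buffers will trip this simplified check. Nozzle goes further by interpreting each block's contents as machine code and measuring how much of it would execute safely as a sled, which is what separates a real spray from an innocent uniform buffer.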
