Heap Spraying

Updated: 09/15/2017 by Computer Hope

heap sprayingHeap spraying is a technique used to aid the exploitation of vulnerabilities in computer systems. It is called "spraying the heap" because it involves writing a series of bytes at various places in the heap - the large pool of memory that is allocated for use by programs. The basic idea is similar to spray painting a wall to make it all the same color. Like a wall, the heap is "sprayed" so that its "color" (the bytes it contains) is uniformly distributed over its entire memory "surface".

How does it work?

The heap is vulnerable to this kind of attack because it usually starts at a predetermined location in memory, and consecutive writes are often located in consecutive locations in memory.

The goal of the attack is to ensure that the bytes can be accessed later as the vector of a separate attack. Later, the malicious software can use a pointer reference to execute the arbitrary code. If the heap has been sprayed all over with the code to be executed, the chances that the pointer will reference the code is very high. Therefore, the heap spray is not actually an exploit, but a way to give other exploits a higher chance of success.

Heap spraying is usually implemented in the web browser and was first identified as a technique in the early 2000s. Heap spraying attacks have been demonstrated using JavaScript, VBScript, and HTML5.

Attack, Security terms