diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)

Nov242009

“Nozzle” counteracting ‘heap spraying’ memory exploits

The goal of any attack’s to get targeted computer to run exploit code supplied by the attacker. To achieve this, two things must happen: code must end up on computer, and computer must run that code. The earliest type of memory exploit took advantage of buffer-stack overflows. The newest, most popular weapon of choice for attackers is a technique known as “Heap spraying,” that works by allocating multiple objects containing attacker’s exploit code in program’s heap, the area of memory used for dynamic memory allocation. Many recent high-profile attacks, such as an Internet Explorer exploit in Dec 2008 and one of Adobe Reader in Feb 2009, were examples of heap spraying. Heap-spray attacks are difficult to detect reliably, but Microsoft researcher developed a tool “Nozzle” for identifying heap-spray attacks. At 18th Usenix Security Symposium in Montreal, they presented Nozzle: A Defense Against Heap-spraying Code Injection Attacks paper along with a live demo of their solution while on stage.

Full Article: Microsoft Research

Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!