Engineering Heap Overflow Exploits with JavaScript

نویسندگان

Mark Daniel

Jake Honoroff

Charlie Miller

چکیده

This paper presents a new technique for exploiting heap overflows in JavaScript interpreters. Briefly, given a heap overflow, JavaScript commands can be used to insure that a function pointer is reliably present for smashing, just after the overflown buffer. A case study serves to highlight the technique: the Safari exploit that the authors used to win the 2008 CanSecWest Pwn2Own contest.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

Web browsers that support a safe language such as Javascript are becoming a platform of great interest for security attacks. One such attack is a heap-spraying attack: a new kind of attack that combines the notoriously hard to reliably exploit heap-based buffer overflow with the use of an in-browser scripting language for improved reliability. A typical heap-spraying attack allocates a high num...

متن کامل

Detection of Heap-Spraying Attacks Using String Trace Graph

Heap-spraying is an attack technique that exploits memory corruptions in web browsers. A realtime detection of heap-spraying is difficult because of dynamic nature of JavaScript and monitoring overheads. In this paper, we propose a runtime detector of heap-spraying attacks in web browsers. We build a string trace graph by tracing all string objects and string operations in JavaScript. The graph...

متن کامل

A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities

This paper combines an analysis of data on security vulnerabilities (published in Bugtraq database) and a focused source-code examination to develop a finite state machine (FSM) model to depict and reason about security vulnerabilities. An in-depth analysis of the vulnerability reports and the corresponding source code of the applications leads to three observations: (i) exploits must pass thro...

متن کامل

NOZZLE: A Defense Against Heap-spraying Code Injection Attacks

Heap spraying is a security attack that increases the exploitability of memory corruption errors in type-unsafe applications. In a heap-spraying attack, an attacker coerces an application to allocate many objects containing malicious code in the heap, increasing the success rate of an exploit that jumps to a location within the heap. Because heap layout randomization necessitates new forms of a...

متن کامل

Efficient Techniques for Comprehensive Protection from Memory Error Exploits

Despite the wide publicity received by buffer overflow attacks, the vast majority of today’s security vulnerabilities continue to be caused by memory errors, with a significant shift away from stacksmashing exploits to newer attacks such as heap overflows, integer overflows, and format-string attacks. While comprehensive solutions have been developed to handle memory errors, these solutions suf...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره شماره

صفحات -

تاریخ انتشار 2008

Engineering Heap Overflow Exploits with JavaScript

نویسندگان

چکیده

منابع مشابه

BuBBle: A Javascript Engine Level Countermeasure against Heap-Spraying Attacks

Detection of Heap-Spraying Attacks Using String Trace Graph

A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities

NOZZLE: A Defense Against Heap-spraying Code Injection Attacks

Efficient Techniques for Comprehensive Protection from Memory Error Exploits

عنوان ژورنال:

اشتراک گذاری