Sciweavers

USS
2008

Engineering Heap Overflow Exploits with JavaScript

14 years 2 months ago
Engineering Heap Overflow Exploits with JavaScript
This paper presents a new technique for exploiting heap overflows in JavaScript interpreters. Briefly, given a heap overflow, JavaScript commands can be used to insure that a function pointer is reliably present for smashing, just after the overflown buffer. A case study serves to highlight the technique: the Safari exploit that the authors used to win the 2008 CanSecWest Pwn2Own contest.
Mark Daniel, Jake Honoroff, Charlie Miller
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USS
Authors Mark Daniel, Jake Honoroff, Charlie Miller
Comments (0)