LS>Heap spraying implies running code in the heap, JA>Actually, um.. no.. it doesn't
My understanding of heap spraying comes from http://blogs.securiteam.com/index.php/archives/638: "...SkyLined's heap spraying techqniue (http://sf-freedom.blogspot.com/2006/07/heap-spraying-internet-exploiter .html) (the concept of this technique is that you inject the nop + shellcode into the heap memory and use some method to trick the eip jump into that heap ..." Sure sounds like running code in the heap to me. JA>How do you get to be in that position? Lot's of buzzword-tossing I'd have to guess. Fuck you too. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ <blocked::http://security.eweek.com/> http://blog.eweek.com/blogs/larry%5Fseltzer/ <http://blog.eweek.com/blogs/larry_seltzer/> <http://blog.ziffdavis.com/seltzer> Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
