Definition

Heap spray is an old technique for executing arbitrary code to attack and exploit vulnerable networks and systems.

The attacker places a sequence of bytes at a specific location in a system's or computer's memory (the heap), a process known as spraying the heap.

By writing to the heap, the attacker assumes control of a network or system and executes commands using languages such as HTML5, JavaScript, and VBScript.

Generally, heap spray is not an attack but a way of making a cyberattack more successful.

History of Heap Spraying

Heap spraying was developed in the late 1990s and early 2000s as a more reliable way to execute code when exploiting software vulnerabilities. One of its first well-known applications was the exploitation of Microsoft Internet Explorer.

However, exploiting software vulnerabilities with heap spray has become more challenging with the emergence of advanced software defensive measures and security practices. Modern operating systems and browsers integrate sophisticated security defenses, such as memory randomization and sandboxing, among other techniques, to prevent heap spraying and other forms of attack.

Heap Spray Prevention