Attacking The Vista Heap presented at KiwiCon 2008

by Ben Hawkes,

Tags: Security

Summary : This presentation explores the cutting edge of heap exploitation theory and practice on Windows Vista. The focus is on finding previously unknown attack vectors resulting from memory corruption on the heap. These include techniques for controlling execution flow by attacking only the heap implementation and not the application itself, and techniques for attacking the application in conjunction with the heap. Additionally, several design changes to further improve the security of the Vista heap will be suggested.
The heap is the userland component in charge of dynamic memory management. It is present and used to some extent in every Windows Vista process. Memory corruption on the heap (heap overflow) is common, seen in nearly every application and making up a large portion of reported vulnerabilities. With Windows Vista, Microsoft introduced several security features to the heap, effectively hardening it from classic heap overflow exploit techniques.