String Allocations in Internet Explorer presented at ekoparty 2013

by Chris Valasek

Summary: Allocation of memory, specifically of user-controlled strings, has played a major role in browser exploitation, especially with regard to heap spraying. How JavaScript string allocations work was widely understood for Internet Explorer 6 and 7. However, while heap spray attacks adapted to the changes in Internet Explorer 8 and 9, public foundational knowledge did not keep pace. This presentation gives a brief history of string allocations from Internet Explorer 6 to Internet Explorer 8, then explores the current memory management methods of Internet Explorer 9 and beyond. It concludes with a look at how this knowledge can be useful for browser exploitation.