Use After Free Exploitation presented at AppSecUSA 2014

by Stephen Sims,

Summary : Use After Free vulnerabilities are the cause of a large number of web browser and client-side compromises. Software bugs residing on the heap can be difficult to detect through standard debugging and QA. This presentation will first define the Use After Free vulnerability class, and then dive deep into detecting the bug in a debugger and weaponizing it into a working exploit against Internet Explorer. We will also cover the concept of memory leaks which can allow for a complete Address Space Layout Randomization (ASLR) bypass.