*The 50% discount is offered for all e-books and e-journals purchased on IGI Global’s Online Bookstore. E-books and e-journals are hosted on IGI Global’s InfoSci® platform and available for PDF and/or ePUB download on a perpetual or subscription basis. This discount cannot be combined with any other discount or promotional offer. Offer expires June 30, 2020.
There are a number of vulnerabilities that occur frequently and as such have become a favorite for attackers to use to perform code injection. We will examine how different memory allocators might be misused by using one of three common vulnerabilities: “heap-based buffer overflows”, “off by one errors” and “dangling pointer references”. In this section we will describe what these vulnerabilities are and how they could lead to a code injection attack.
Heap memory is dynamically allocated at run-time by the application. Buffer overflow, which are usually exploited on the stack, are also possible in this kind of memory. Exploitation of such heap-based buffer overflows usually relies on finding either function pointers or by performing an indirect pointer attack (Bulba & Kil3r, 2000) on data pointers in this memory area. However, these pointers are not always present in the data stored by the program in this memory. As such, most attackers overwrite the memory management information that the memory allocator stores in or around memory chunks it manages. By modifying this information, attackers can perform an indirect pointer overwrite. This allows attackers to overwrite arbitrary memory locations, which could lead to a code injection attack (anonymous, 2001; Younan, 2003). In the following sections we will describe how an attacker could use specific memory managers to perform this kind of attack.