<P> Heap sprays for web browsers are commonly implemented in JavaScript and spray the heap by creating large strings . The most common technique used is to start with a string of one character and concatenate it with itself over and over . This way, the length of the string can grow exponentially up to the maximum length allowed by the scripting engine . Depending on how the browser implements strings, either ASCII or Unicode characters can be used in the string . The heap spraying code makes copies of the long string with shellcode and stores these in an array, up to the point where enough memory has been sprayed to ensure the exploit works . </P> <P> Occasionally, VBScript is used in Internet Explorer to create strings by using the String function . </P> <P> In July 2009, exploits were found to be using ActionScript to spray the heap in Adobe Flash . </P> <P> Though it has been proven that heap - spraying can be done through other means, for instance by loading image files into the process, this has not seen widespread use (as of August 2008). </P>

Ips alert 1 executable code was detected. signature et shellcode common 0a0a0a0a heap spray string