Channel: BOT24

Heap Sprays to Sandbox Escapes: A Brief History of Browser Exploitation


This article looks at the evolution of various exploitation techniques used for widely exploiting client applications along with exploit prevention technologies available in the industry.


Browser exploitation has been on a steady rise for the past few years. The recent dearth of “wormable” Microsoft service vulnerabilities has made client exploitation a prime attack vector for malware deployment by adversaries. In this article we look at the evolution of various exploitation techniques used for widely exploiting client applications along with exploit prevention technologies available in the industry.
We’ll use Internet Explorer and its closely associated plugins as the primary focus. Many of the exploitation and remediation technologies mentioned also apply to other browsers and to other client applications such as Adobe Reader. The huge, constantly evolving code base in browsers gives attackers a large attack surface to exploit continuously. Coupled with the fact that most of these attacks have a social engineering component, attackers are consistently successful in infiltrating enterprise infrastructures.

This brief article is primarily focused on exploitation technologies that attackers adopted to actively exploit clients and that use techniques popularly known as “first stage” shellcode. After the vulnerable application is exploited, the payload typically executes in further stages to finally install malware on the victim system. For the sake of brevity, we won’t deal with kernel mode exploitation but rather focus on the widely used “user mode” exploitation primitives. We’ll conclude with some recommendations and best approaches for protecting end users.

Read more: http://blogbromium.files.wordpress.com/2013/01/heap-sprays-to-sandbox-escapes_issa0113.pdf

