Skip to main content


Home Heap spray

Heap spray

(also heap spraying, heap spray attack)

Heap spray definition

A heap spray is a technique or method that allows individuals and organizations to attack and exploit vulnerable systems and networks. It is an old technique that facilitates arbitrary code execution.

A heap spray happens when an attacker writes to the heap for a running program. A heap is a predetermined location in a computer’s or system’s memory. The process of writing a heap is also called spraying the heap.

By conducting a heap spray, attackers can take control of a system or network and call commands in a heap. When someone conducts a heap spray, they do so to ensure they have access to a system or network later. So a heap spray is not an attack in itself. Instead, it is a way to make other cyberattacks more successful. Attackers can perform a heap spray using a few programming languages, like JavaScript, HTML5, and VBScript.

See also: cyberattack, exploit

Heap spray prevention

Create an allocation history. An allocation history is a list that shows information on allocations and cancellations made on a certain system.

Detect shellcode execution. A shellcode is a list of instructions that execute a command in a piece of software to exploit a compromised machine or computer or take control over said machine or computer. By setting up a system that detects it, you can prevent heap spray attacks from happening.