Discussion:
AppVerifier and memory block corruption
Peter
2007-08-14 17:40:02 UTC
I'd like to use AppVerifier to find an overrun of an allocated memory block on the
heap.
I created a simple application with this code:

#include <stdlib.h>
#include <string.h>

int main(void)
{
    char *m = malloc(16);   /* 16-byte heap block */
    memset(m, 0, 17);       /* writes 17 bytes: one past the end of the block */
    return 0;
}

I have set in AppVerifier test: Basic->Heaps. In Basic->Heap->Properties I
have default values. I run the application under the VC++ debugger, I also tried
WinDbg.
Why does AppVerifier not detect the memory corruption?

Peter
Pavel Lebedinsky [MSFT]
2007-08-17 03:45:44 UTC
When a process is started under a debugger the OS enables
the so-called "debug heap", which adds guard bytes after each
allocation to help catch corruptions. This however means that
appverifier/pageheap are not able to detect small overruns
the moment they occur, because the actual user buffer is not
immediately followed by an inaccessible page. Debug CRTs
also have functionality similar to the OS debug heap.

You need to either increase the size of the overrun so that it
crosses the page boundary, or make sure debug CRT is not
used, and process is not launched under debugger (you can
however attach debugger after the process has started).
--
This posting is provided "AS IS" with no warranties, and confers no
rights.
opedroso
2009-02-28 17:14:03 UTC
If you enable Full Page heap (first checkbox at top of the Properties dialog)
it will on XP32. But your test is lucky: it will because your original
allocation ends on an 8-byte boundary. On XP64, the allocation would have to
end on a 16-byte boundary (which yours also does), but any smaller size would
only be caught if you passed that minimum threshold (8 on XP32, 16 on XP64).
This is due to the alignment with which the heap has to return the data. You can also
disable that (the Unalign checkbox on the Properties dialog), but most
serious programs will not work with that setting.
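Added example (not part of the thread and not AppVerifier code): a small C model of the placement described in the replies, where the buffer is pushed against an inaccessible page as far as alignment allows. The names guarded_alloc, slack_bytes and overrun_faults are hypothetical, and mmap/mprotect on Linux stand in for the Windows page heap as an assumption.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (POSIX stand-in, not an AppVerifier API): return `size`
 * bytes placed as close to a guard page as `align` (a power of two) allows. */
static char *guarded_alloc(size_t size, size_t align) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (size + align + page - 1) / page * page;  /* writable part */
    int fd = open("/dev/zero", O_RDWR);                     /* zeroed pages */
    if (fd < 0) return NULL;
    char *base = mmap(NULL, data + page, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    close(fd);
    if (base == MAP_FAILED || mprotect(base + data, page, PROT_NONE)) return NULL;
    /* Round the start down to `align`; the gap this leaves between the end
     * of the buffer and the guard page is the alignment slack. */
    return (char *)(((uintptr_t)(base + data) - size) & ~(uintptr_t)(align - 1));
}

/* Bytes past the end of the buffer that can be written without faulting. */
static size_t slack_bytes(size_t size, size_t align) {
    return (align - size % align) % align;
}

/* 1 if writing `write_len` zero bytes into a `size`-byte guarded buffer faults
 * at the write, 0 if it completes, -1 on error. Runs in a child process. */
static int overrun_faults(size_t size, size_t write_len, size_t align) {
    int status = 0;
    pid_t pid = fork();
    if (pid == 0) {
        volatile char *m = guarded_alloc(size, align);
        if (m == NULL) _exit(2);
        for (size_t i = 0; i < write_len; i++) m[i] = 0;    /* the overrun */
        _exit(0);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status) == SIGSEGV ? 1 : -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    printf("size 16, write 17, align 8: faults=%d\n", overrun_faults(16, 17, 8));
    printf("size 13, write 14, align 8: faults=%d (slack %zu)\n", overrun_faults(13, 14, 8), slack_bytes(13, 8));
    return 0;
}
```

With 8-byte alignment the 16-byte block has no slack, so the 17th byte faults at the write, while a 13-byte block absorbs 3 stray bytes before a write reaches the guard page.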