OUSPG

[This page is CSS2 enabled. Your browser might not fully support it]

Running Malicious Code By Exploiting Buffer Overflows: ...

$RCSfile: index.html,v $ $Revision: 1.3 $ $Date: 2000/08/10 10:45:42 $

ABSTRACT

Buffer overflow vulnerabilities emerge and are announced frequently. Exploitation details and exploits are publicly available for interested parties. These code-based attacks allow malicious code to be executed on the vulnerable systems. This paper provides a brief introduction to buffer overflow vulnerabilities and methods of exploiting them and a review of well-known articles on buffer overflows. A survey is made of exploits that are easily available to everyone, including the underground community. A database of exploits is chosen and studied. Articles on buffer overflows are reviewed, and the exploits presented are examined in terms of functionality. An attempt is made to analyze the distinctive characteristics and operational components of the exploits. Exploitation methods were observed to follow the same guidelines for all platforms. Some figures on exploits are shown. Protection methods and advanced exploitation methods for circumventing them are considered, and issues requiring future research or pertaining to the development of exploits are raised.

[This page is CSS2 enabled. Your browser might not fully support it]