buffer overflow some how executing code?

Discussion in 'Computer Information' started by Eckstein C., Dec 6, 2005.

  1. Eckstein C.

    Eckstein C. Guest

    Ok, every so often I run across an article in a forum somewhere that
    given a "buffer overflow" a hacker can execute code on the system.

    This just seems like a load of bunk to me. I've been programming in
    various languages, including, though not limited to, c and cpp, and I
    haven never once encountered a situation where writing past the bounds
    of a buffer, which is just an array of characters, to suddenly be
    converted into some sort of "magical code" that can suddenly wreak
    havoc.

    In any programming I've done where you can write outside of the bounds
    of the buffer (char array), you get UNDEFINED behavior, not some magical
    power. Even the C and C++ specs state this.

    Can someone please explain to me where this comes from. One example I
    just read was an IE6 exploit where using a url that's too logn and
    contains "unusual" characters can allow a "hacker to run code on the
    system." Again, these look liek total bunk to me, as a URL is just text,
    and writting past the bound of the buffer just isn't going to give soem
    REMOTE hacker the ability to suddenly jump into your system, or some put
    code in there.

    Can anyone pelase clear this up? If I'm missing something here please
    let me know.
     
    Eckstein C., Dec 6, 2005
    #1
    1. Advertising

  2. "Eckstein C." <> wrote in
    message news:...
    One example I
    > just read was an IE6 exploit where using a url that's too logn and
    > contains "unusual" characters can allow a "hacker to run code on the
    > system." Again, these look liek total bunk to me, as a URL is just
    > text, and writting past the bound of the buffer just isn't going to
    > give soem REMOTE hacker the ability to suddenly jump into your
    > system, or some put code in there.
    >
    > Can anyone pelase clear this up? If I'm missing something here
    > please let me know.


    Pharming is a particularly nasty threat that uses email viruses and
    security loopholes in browsers and Internet infrastructure to redirect
    web users to specially created web sites where bank and credit card
    details can be harvested. Pharming can operate locally, on a PC
    infected by a virus, so that even though the correct web address is
    entered the victim ends up on the scammer’s web site.

    Alternatively it can affect whole groups of users thanks to Domain
    Name System ‘Poisoning’. In this scenario the scammer hacks into a
    DNS Directory and changes entries so that legitimate requests for a
    bank or credit card company web page are misdirected to bogus web
    sites. DNS poisoning can be hard to detect but the tell-tale signs of
    a ‘spoofed’ web address in the Address bar and the Status bar at the
    bottom of the page, which may contain unusual spellings or punctuation
    marks.
     
    Boscoe Pertwee, Dec 6, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wojtek

    buffer overflow

    Wojtek, Apr 2, 2005, in forum: Cisco
    Replies:
    1
    Views:
    882
    Nicholas Wheeler (Denver, Colarado, USA)
    Apr 3, 2005
  2. stapla222
    Replies:
    1
    Views:
    421
    miwiley
    Apr 11, 2005
  3. Joe

    buffer overflow in xp help

    Joe, Oct 8, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    510
  4. AIM buffer overflow code

    , Oct 22, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    514
  5. AIM buffer overflow code

    , Oct 21, 2005, in forum: Computer Security
    Replies:
    1
    Views:
    594
    Donnie
    Oct 23, 2005
Loading...

Share This Page