Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Buffer overflow
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Barriers to exploitation=== Manipulation of the buffer, which occurs before it is read or executed, may lead to the failure of an exploitation attempt. These manipulations can mitigate the threat of exploitation, but may not make it impossible. Manipulations could include conversion to upper or lower case, removal of [[metacharacter]]s and filtering out of non-[[alphanumeric]] strings. However, techniques exist to bypass these filters and manipulations, such as [[alphanumeric shellcode]], [[polymorphic code]], [[self-modifying code]], and [[return-to-libc attack]]s. The same methods can be used to avoid detection by [[intrusion detection system]]s. In some cases, including where code is converted into [[Unicode]],<ref>{{cite web |url=http://www.net-security.org/dl/articles/unicodebo.pdf |title=Creating Arbitrary Shellcode In Unicode Expanded Strings |access-date=2007-05-15 |url-status=dead |archive-url=https://web.archive.org/web/20060105041036/http://www.net-security.org/dl/articles/unicodebo.pdf |archive-date=2006-01-05 }}</ref> the threat of the vulnerability has been misrepresented by the disclosers as only Denial of Service when in fact the remote execution of arbitrary code is possible.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)