2.3.4.3 Buffer Overflows
(Page 2 of 3)
How Are They Exploited?
A buffer overflow can be exploited directly by a malicious user in a variety of ways. For example, providing a bogus URL that is thousands of characters long to a web server has been known to crash a web server. The URL doesn't have to be valid. It doesn't have to point to a real web page location; the trick is just in jamming thousands of unexpected characters of any sort down the throat of the web server. At the end of the thousands of unexpected characters might be a bunch of binary data, designed to end up in just the right place in memory so that, after the buffer overflow takes place, the computer will see that binary data as instructions and run them.
Buffer Overflow
A buffer overflow occurs when a software program tries to copy too much data into too small an area of computer memory, causing the data to fill up that area and overwrite other areas of memory near it. This may crash the computer or enable an attacker to execute program code of their choosing on it.
A buffer overflow vulnerability can be exploited by providing a very large amount of data in response to a web form. In some situations, the data may include binary data designed to cause the server to execute particular functions when it receives the huge piece of data.
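The copy described in the definition above, as an added C example that is not part of the original guide: an unchecked copy of a URL into a fixed buffer, beside a length-checked version that rejects oversized input. The function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_SIZE 64   /* assumed fixed buffer size for this example */

/* Unsafe pattern: strcpy() copies until the NUL terminator and never
 * looks at the size of dst. A URL longer than URL_BUF_SIZE - 1 bytes
 * overwrites whatever sits next to dst in memory. */
void store_url_unsafe(char dst[URL_BUF_SIZE], const char *url)
{
    strcpy(dst, url);
}

/* Hardened pattern: measure the input first, refuse anything that does
 * not fit (including its terminator), and copy only a known length.
 * Returns 0 on success, -1 if the URL is rejected. */
int store_url_checked(char *dst, size_t dst_size, const char *url)
{
    if (dst == NULL || url == NULL || dst_size == 0)
        return -1;

    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(url, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';                 /* leave dst in a defined state */
        return -1;                     /* too long: reject, do not truncate */
    }
    memcpy(dst, url, (size_t)(end - url) + 1);   /* text plus the NUL */
    return 0;
}

int main(void)
{
    char buf[URL_BUF_SIZE];
    char long_url[5001];               /* constructed oversized input */

    memset(long_url, 'A', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';

    printf("short URL: %d\n",
           store_url_checked(buf, sizeof buf, "/index.html"));
    printf("5000-char URL: %d\n",
           store_url_checked(buf, sizeof buf, long_url));
    return 0;
}
```

The checked version rejects the oversized URL outright instead of silently truncating it, so the caller can return an error rather than act on a partial request.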
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.