Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.īe wary that a language’s interface to native code may still be subject to overflows, even if the language itself is theoretically safe. Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.įor example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data.Īs a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash. Affected Software NameĬertain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced. The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |