Stack overflow

Overflow vulnerability due to software coding error

Strictly speaking, a stack overflow is what happens when the amount of memory allocated to a program for its call stack is over-filled, causing the program to crash. In general use, particularly in security issues, the term 'stack overflow' refers to a stack buffer overflow, a type of buffer overflow taking place on the call stack.

A stack buffer overflow attack is an attempt to exploit a coding vulnerability in software, where the boundaries for data being passed onto the stack are inadequately controlled. This allows malicious data to be written to the stack in such a way that it overwrites other areas, which can then in turn lead to the data written to those areas being executed as program code. Many major malware attacks have exploited such vulnerabilities, including the hugely widespread Slammer and Blaster worms.

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

VB2012
VB2012 VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,239 registered users.