posted by Thom Holwerda on Mon 10th Nov 2008 08:31 UTC, submitted by irbis
Icon"If you want to make sure your computer or server is not tricked into undertaking malicious or undesirable behavior, it's not enough to keep bad code out of the system. Return-oriented programming exploits start out like more familiar attacks on computers. The attacker takes advantage of a programming error in the target system to overwrite the runtime stack and divert program execution away from the path intended by the system's designers. But instead of injecting outside code - the approach used in traditional malicious exploits - return-oriented programming enables attackers to create any kind of nasty computation or program by using just the existing code."
e p (1)    2 Comment(s)

Technology White Papers

See More