[VIM] Sophos on buffer overflows

Steven M. Christey coley at mitre.org
Tue Dec 12 14:55:05 EST 2006


Technical information

Buffer overflows are caused by program bugs. They are exploited by
sending more data to a program than it expects. If the program doesn't
check for this, it will read in more data than it has reserved space
for. The extra bytes it accepts may overwrite parts of memory which
the operating system is using for other purposes. As an analogy,
imagine that you are asked to check through 10 pages of a contract,
and then to approve the contract by signing each page. Now imagine
that you check carefully through the first 10 pages, but then blindly
sign the bottom of all the pages you were given. If unscrupulous
lawyers had prepared 12 pages instead of the 10 they asked you to
check, you would have agreed to more than you intended.


More information about the VIM mailing list