Sunday, June 5, 2016

Second Order Buffer OverFlow Attacks (SOBOF): Attacking underlying components


The C programming language is still prevalent in computing today. It may be tempting to think that interpreted languages like Java and Ruby have taken over, but this belief is unfounded or at least limited in scope. Even interpreted, Type-safe (in the sense of defining 'undefined' behavior as Exceptions), languages have had their applications ripped open by a buffer overflow. Not in a buffer they contained directly. No these errors exist in the core of the system. In the Kernel hooks and Drivers that every program reliant on features of the Operating System use.