Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. http://sfsecurity.pr.erau.edu
An Attacker finds a way
to force a buffer overflow
to meet their purposes
¸Attackers know common vulnerabilities of vendors and their products
¸Attackers learn from the web and from each other how to make buffer
overflows occur
¸Attackers acquire ways to make buffer overflows lead to hijacking a system
or planting seeds for future attacks