Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu
Old code used for new purposes - Consequences.
“HELLO” in ASCII is 0x48-0x45-0x4C-0x4C-0x4F
“HELLO” in UNICODE (supports international character sets) is 0x00-0x48-0x00-0x45-0x00-0x4C-0x00-0x4C-0x00-0x4F
•The old code might tell the new code to give it no more than 5 characters because it uses a 5-byte buffer. The new code gives it 5 characters, but in UNICODE instead of ASCII, so they fill 10 bytes. (The assumption that 5 characters = 5 bytes is a dangerous one.)
•This is more common and more easily exploitable than you might think. The Venetian exploit can hijack a program with a reasonably sized buffer overflow even if UNICODE format forces the attacker to have half of his attack code bytes be zeros.
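The character-versus-byte mismatch above, as an added example in C (not code from the slide deck or its authors). It models the "old code" as a 5-byte buffer whose interface check counts characters, and the "new code" as a caller that hands over the same five characters of "HELLO" in the two byte layouts the slide lists (the UNICODE layout shown, 0x00-0x48-..., is what UTF-16 big-endian produces). The function names, the `OLD_BUF_BYTES` constant and the sample byte arrays are constructed for this example. The naive check accepts both inputs; the byte-aware check refuses the 10-byte one, and the checked copy never writes past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* The "old code" buffer: sized for 5 ASCII characters, i.e. 5 bytes. (constructed) */
#define OLD_BUF_BYTES 5

/* Constructed sample inputs: "HELLO" as ASCII and as UTF-16 big-endian,
   the two byte sequences given on the slide. */
static const uint8_t hello_ascii[]   = { 0x48, 0x45, 0x4C, 0x4C, 0x4F };
static const uint8_t hello_utf16be[] = { 0x00, 0x48, 0x00, 0x45, 0x00, 0x4C,
                                         0x00, 0x4C, 0x00, 0x4F };

/* Bytes occupied by `chars` characters in a fixed-width encoding. */
size_t bytes_needed(size_t chars, size_t bytes_per_char) {
    return chars * bytes_per_char;
}

/* The old code's interface check: "no more than 5 characters", compared
   against a buffer measured in bytes. Returns 1 when the input is accepted.
   This encodes the dangerous assumption that 1 character == 1 byte. */
int old_code_accepts(size_t chars) {
    return chars <= OLD_BUF_BYTES;
}

/* Byte-aware check: compare bytes to bytes, guarding the multiplication
   against size_t wrap-around. Returns 1 when the encoded input fits. */
int fits_in_bytes(size_t chars, size_t bytes_per_char, size_t buf_bytes) {
    if (bytes_per_char == 0) return 0;
    if (chars > buf_bytes / bytes_per_char) return 0; /* product would overflow or exceed */
    return bytes_needed(chars, bytes_per_char) <= buf_bytes;
}

/* Copy src into dst only when the byte count fits. Returns the number of
   bytes copied, or -1 on refusal; dst is untouched when the input is refused. */
long copy_checked(uint8_t *dst, size_t dst_bytes, const uint8_t *src, size_t src_bytes) {
    if (src_bytes > dst_bytes) return -1;
    memcpy(dst, src, src_bytes);
    return (long)src_bytes;
}

/* The new code delivers 5 characters of "HELLO" in the chosen encoding
   (1 byte/char = ASCII, 2 bytes/char = UTF-16BE) to the old 5-byte buffer
   through the checked copy. Returns bytes copied, or -1 if refused. */
long deliver_hello(size_t bytes_per_char) {
    uint8_t old_buf[OLD_BUF_BYTES];
    const uint8_t *src = (bytes_per_char == 1) ? hello_ascii : hello_utf16be;
    size_t src_bytes = bytes_needed(5, bytes_per_char);
    return copy_checked(old_buf, sizeof old_buf, src, src_bytes);
}

int main(void) {
    printf("5 chars ASCII   -> %zu bytes, old check %s, byte check %s, copy=%ld\n",
           bytes_needed(5, 1), old_code_accepts(5) ? "accepts" : "rejects",
           fits_in_bytes(5, 1, OLD_BUF_BYTES) ? "fits" : "does not fit", deliver_hello(1));
    printf("5 chars UTF-16  -> %zu bytes, old check %s, byte check %s, copy=%ld\n",
           bytes_needed(5, 2), old_code_accepts(5) ? "accepts" : "rejects",
           fits_in_bytes(5, 2, OLD_BUF_BYTES) ? "fits" : "does not fit", deliver_hello(2));
    return 0;
}
```

The practical lesson is that any interface contract between old and new code should be stated in bytes (or in characters together with an explicit encoding), and the receiving side should check the byte length it is actually given rather than trusting a character count.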