Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu
Old code used for new purposes - Consequences.
“HELLO” in ASCII is 0x48-0x45-0x4C-0x4C-0x4F.
“HELLO” in UNICODE (supports international character sets) is 0x00-0x48-0x00-0x45-0x00-0x4C-0x00-0x4C-0x00-0x4F.
•The old code might tell the new code to give it no more than 5 characters because it uses a 5-byte buffer. The new code gives it 5 characters, but in UNICODE instead of ASCII, so they fill 10 bytes. (The assumption that 5 characters = 5 bytes is a dangerous one.)
•This is more common and more easily exploitable than you might think. The Venetian exploit can hijack a program through a reasonably sized buffer overflow even though the UNICODE format forces half of the attacker's attack-code bytes to be zeros.
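The character-count versus byte-count mismatch from the slide, as an added C example (not part of the original slides): a hypothetical legacy check that counts characters accepts UNICODE “HELLO” for a 5-byte buffer, while a copy that bounds-checks the encoded byte length rejects it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The old code's contract: "at most 5 characters", held in a 5-byte buffer. */
#define OLD_BUF_BYTES 5

/* Encode an ASCII string as 16-bit big-endian code units (0x00 0x48 ... for
 * "HELLO", as laid out on the slide). Returns bytes written, 0 if out is too small. */
size_t to_unicode16(const char *ascii, uint8_t *out, size_t out_len) {
    size_t n = strlen(ascii);
    if (n > out_len / 2) return 0;
    for (size_t i = 0; i < n; i++) {
        out[2 * i] = 0x00;
        out[2 * i + 1] = (uint8_t)ascii[i];
    }
    return 2 * n;
}

/* The dangerous check (constructed for illustration): it counts characters and
 * assumes one byte each, so "HELLO" passes (5 <= 5) although its 16-bit
 * encoding occupies 10 bytes. */
int old_check_passes(size_t nchars) {
    return nchars <= OLD_BUF_BYTES;
}

/* Safe copy: bounds-check the encoded byte length against the destination
 * capacity, never the character count. Returns bytes copied, or -1 if rejected. */
long safe_copy(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t src_len) {
    if (src_len > dst_len) return -1;
    memcpy(dst, src, src_len);
    return (long)src_len;
}

/* Encode "HELLO" as UNICODE and apply both checks. Returns 1 when the old
 * character-count check accepts data that the byte-length check rejects. */
int demo_unicode_mismatch(void) {
    const char *word = "HELLO";
    uint8_t encoded[16];
    uint8_t old_buf[OLD_BUF_BYTES];
    size_t nchars = strlen(word);
    size_t nbytes = to_unicode16(word, encoded, sizeof encoded);   /* 10 */
    int old_ok = old_check_passes(nchars);                          /* 1 */
    long copied = safe_copy(old_buf, sizeof old_buf, encoded, nbytes); /* -1 */
    return old_ok && copied < 0;
}
```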