Stack smashing or heap-based attacks
• The attacker can hijack execution of the program, and if the program was running with elevated privileges, the attacker now has those privileges
• This is the way many worms spread: by tricking a network server into running a program the attacker wrote
Data corruption
• An attacker can change their privileges or other security-related data by overwriting it in memory
Program crash
• A program crash can lead to denial-of-service because the service that program was providing will not be there until the program is restarted
• Sometimes a program crash causes a “core dump” where the entire memory of the program (possibly security-sensitive data) is written out to a file the attacker may be able to read
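The "Data corruption" case above, as an added example that is not from the original slides: an unchecked copy beside a length-checked one. The `struct session` layout, the function names and the 9-byte input are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a security flag sits directly after a fixed buffer. */
struct session {
    char name[8];
    unsigned char is_admin;            /* 0 = ordinary user */
};

/* Unchecked copy: trusts the caller's length. The write goes through a
 * pointer to the whole struct so the demo stays well-defined while still
 * showing what an unbounded copy into name does to the adjacent field. */
static void set_name_unchecked(struct session *s, const char *src, size_t len)
{
    memcpy((unsigned char *)s + offsetof(struct session, name), src, len);
}

/* Checked copy: rejects input that does not fit (with room for the NUL)
 * and leaves the record untouched on failure. */
static int set_name_checked(struct session *s, const char *src, size_t len)
{
    if (len >= sizeof s->name)
        return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Feeds the same 9-byte input through one path and returns is_admin. */
int admin_after(int checked)
{
    /* Constructed input: 8 filler bytes, then one byte that lands on is_admin. */
    static const char input[9] = {'A','A','A','A','A','A','A','A', 1};
    struct session s;

    memset(&s, 0, sizeof s);
    if (checked)
        set_name_checked(&s, input, sizeof input);
    else
        set_name_unchecked(&s, input, sizeof input);
    return s.is_admin;
}

int main(void)
{
    printf("unchecked copy: is_admin=%d\n", admin_after(0));
    printf("checked copy:   is_admin=%d\n", admin_after(1));
    return 0;
}
```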