CISSP · Question #432
How can an attacker exploit overflow to execute arbitrary code?
The correct answer is A. Modify a function's return address.. Buffer overflow attacks exploit memory corruption to overwrite a function's saved return address on the stack, redirecting execution to attacker-controlled code. This is the foundational mechanism behind stack-based buffer overflow exploits.
Question
Options
- AModify a function's return address.
- BAlter the address of the stack.
- CSubstitute elements in the stack.
- DMove the stack pointer.
How the community answered
(60 responses)- A75% (45)
- B7% (4)
- C15% (9)
- D3% (2)
Why each option
Buffer overflow attacks exploit memory corruption to overwrite a function's saved return address on the stack, redirecting execution to attacker-controlled code. This is the foundational mechanism behind stack-based buffer overflow exploits.
When a buffer overflow writes beyond its allocated space on the stack, it can overwrite the saved return address (EIP/RIP) stored in the stack frame. When the function executes its RET instruction, the CPU jumps to the attacker-supplied address instead of the legitimate caller, allowing arbitrary code execution such as shellcode or ROP chain gadgets.
Altering the base address of the entire stack is not a practical or direct exploitation technique; attackers target specific saved values within the stack frame, not the stack's memory region address itself.
'Substituting elements in the stack' is too vague and does not describe a recognized exploit primitive - simply swapping generic stack elements does not reliably redirect execution flow to attacker-controlled code.
Moving the stack pointer (ESP/RSP) adjusts where the stack top is perceived to be, but by itself does not redirect execution; without also controlling the return address, arbitrary code execution cannot be achieved.
Concept tested: Stack-based buffer overflow return address hijacking
Source: https://learn.microsoft.com/en-us/windows/win32/secbp/protecting-against-stack-overwrites
Topics
Community Discussion
No community discussion yet for this question.