nerdexam
(ISC)2

CISSP · Question #432

How can an attacker exploit overflow to execute arbitrary code?

The correct answer is A. Modify a function's return address.. Buffer overflow attacks exploit memory corruption to overwrite a function's saved return address on the stack, redirecting execution to attacker-controlled code. This is the foundational mechanism behind stack-based buffer overflow exploits.

Submitted by carlos_mx· Mar 5, 2026Software Development Security

Question

How can an attacker exploit overflow to execute arbitrary code?

Options

  • AModify a function's return address.
  • BAlter the address of the stack.
  • CSubstitute elements in the stack.
  • DMove the stack pointer.

How the community answered

(60 responses)
  • A
    75% (45)
  • B
    7% (4)
  • C
    15% (9)
  • D
    3% (2)

Why each option

Buffer overflow attacks exploit memory corruption to overwrite a function's saved return address on the stack, redirecting execution to attacker-controlled code. This is the foundational mechanism behind stack-based buffer overflow exploits.

AModify a function's return address.Correct

When a buffer overflow writes beyond its allocated space on the stack, it can overwrite the saved return address (EIP/RIP) stored in the stack frame. When the function executes its RET instruction, the CPU jumps to the attacker-supplied address instead of the legitimate caller, allowing arbitrary code execution such as shellcode or ROP chain gadgets.

BAlter the address of the stack.

Altering the base address of the entire stack is not a practical or direct exploitation technique; attackers target specific saved values within the stack frame, not the stack's memory region address itself.

CSubstitute elements in the stack.

'Substituting elements in the stack' is too vague and does not describe a recognized exploit primitive - simply swapping generic stack elements does not reliably redirect execution flow to attacker-controlled code.

DMove the stack pointer.

Moving the stack pointer (ESP/RSP) adjusts where the stack top is perceived to be, but by itself does not redirect execution; without also controlling the return address, arbitrary code execution cannot be achieved.

Concept tested: Stack-based buffer overflow return address hijacking

Source: https://learn.microsoft.com/en-us/windows/win32/secbp/protecting-against-stack-overwrites

Topics

#buffer overflow#exploit development#arbitrary code execution#memory management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice