GSLC Question #31: Real Exam Question with Answer & Explanation

The correct answer is A. Code red worm.

Question

Which of the following viruses/worms uses the buffer overflow attack?

Options

  • A. Code red worm
  • B. Klez worm
  • C. Nimda virus
  • D. Chernobyl (CIH) virus

Explanation

The Code Red worm exploited a buffer overflow vulnerability in Microsoft IIS to propagate automatically, making it one of the most well-known examples of a worm that uses buffer overflow as its primary attack vector.

Common mistakes.

  • B. The Klez worm propagated primarily via email attachments and exploited an Outlook/IE MIME header vulnerability (CVE-2001-0154), not a classic buffer overflow.
  • C. Nimda spread through multiple vectors including email, network shares, and IIS Unicode directory traversal exploits, but its primary mechanism was not a buffer overflow.
  • D. The Chernobyl (CIH) virus is a file-infecting virus that overwrites the hard drive's boot sector and flash BIOS; it does not use buffer overflow techniques.

Concept tested. Buffer overflow exploitation by Code Red worm

Reference. https://learn.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
