BUFFER OVERFLOW:

BUFFER OVERFLOW:

                In this type of attacks, the extra data may contain codes designed to trigger specific actions, sending new instructions to the attacked computer which in turn could damage the user’s files; change data or disclose confidential information.

                A BUFFER OVERFLOW occurs when a program or process tries to store more data in a buffer (temporary data storage area) that it is intended to hold. Since, buffers are created to contain a limited amount of data; the extra information can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. These attacks are said to arisen because “the C Programing language supplied the framework and poor programing practices supplied the vulnerability.”

                A programing flaw made it possible for an attacker to compromise the integrity of the target computer by simply sending an e-mail which was discovered several years ago, in Microsoft’s Outlook and Outlook Express program. Here, users could not protect themselves by not opening attached files; in fact, the user did not have to open the message as well, to enable the attack. The program’s message header mechanism had a defect that made it possible for senders to overflow the area with extraneous data allowing attacker to execute whatever type of code they desired on the recipient’s computers. This process is activated as soon as the recipient downloaded the message from the server. This type of Buffer Overflow attack was very difficult to defend. Therefore, since then, Microsoft has created a patch to eliminate the vulnerability.