Programming security vulnerabilities are the most common cause of software
security breaches in current day computing. While these can easily be avoided
by an attentive programmer, many programs still contain these kinds of vulnerabilities.
This document will describe what the most commonly occuring ones are and will
then explain how these can be abused to make a program do something it did not
intend to do. We will then take a look at how a recent vulnerability in popular
piece of software was exploited to allow an attacker to take control of the
execution flow of that program. Several solutions exist to detect and prevent
many, though not all, of the vulnerabilities described in this document in existing
programs without requiring source code modifications, and in some cases without
even requiring access to the source code to the applications. We will take an
indepth look at how these solutions are implemented and what their effects are
on legitimate programs, how they attempt to mitigate the restrictions they impose
and what their impact is on the performance of the programs they attempt to
protect. We will also describe if and how these solutions can be bypassed.
This document is in pdf format. To
view it click here.