An attacker might exploit something like this as a second stage of an attack -- i.e., use some first vulnerability to let them "run arbitrary code" on the target machine, and use that arbitrary code to invoke something like this to elevate their permissions. (It's not obvious that running *notepad* should raise anyone's permissions, but if this overflow lets them run code as the *owner* of notepad.exe, it might -- and there could be more dangerous local executables that *do* raise permissions as part of normal operations.)
Also, buffer overflows can, in some cases, drive CPU use to 100%, making for a dandy DoS attack. So while a local buffer overflow is not sufficient for a remote compromise, it's still a potential threat to the system.

David Gillett

> -----Original Message-----
> From: SmartKID [mailto:[EMAIL PROTECTED]]
> Sent: January 11, 2003 09:45
> To: [EMAIL PROTECTED]
> Subject: Threat scenarios from local buffer overflow
>
>
> Hi,
>
> Are there any possible threat scenarios from a buffer overflow in an
> executable stored locally? For instance, say something like notepad.exe
> has a buffer overflow, which might be exploited by issuing
>
> notepad aaaaaa(3000 times).txt
>
> Would this allow any sort of system compromise or privilege execution?
>
> Thanks
> SmartKIDJoe
>
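As an added illustration of the defect class the thread is discussing (this is example code written for this page, not from either poster): the unchecked copy of a command-line argument into a fixed stack buffer, shown next to a bounded version that refuses over-long input rather than copying it. The function names, the 64-byte buffer size and the 3000-character "aaaa....txt" sample argument are constructed for the example; `open_document_unsafe` is included only for contrast and is never called.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* size of the fixed stack buffer (constructed value) */

/* Defect class from the thread: the argument is copied into a fixed
 * stack buffer with no length check, so an argument longer than
 * NAME_MAX_LEN - 1 bytes overruns the buffer and corrupts the stack.
 * Shown for contrast only; nothing in this file calls it. */
int open_document_unsafe(const char *arg)
{
    char name[NAME_MAX_LEN];
    strcpy(name, arg);                 /* unbounded copy */
    printf("opening %s\n", name);
    return 0;
}

/* Hardened form: check the length before copying and refuse input that
 * does not fit, instead of copying first or silently truncating.
 * Returns 0 on success and -1 when the argument is rejected. */
int open_document_safe(const char *arg, char *out, size_t out_len)
{
    size_t n = 0;

    if (arg == NULL || out == NULL || out_len == 0)
        return -1;

    /* Scan at most out_len bytes so a huge argument cannot make us read
     * further than we are willing to store. */
    while (n < out_len && arg[n] != '\0')
        n++;
    if (n == out_len)
        return -1;                     /* no room for the terminator */

    memcpy(out, arg, n + 1);           /* includes the trailing '\0' */
    return 0;
}

/* Builds the constructed sample argument from the thread: count copies
 * of 'a' followed by ".txt". The caller frees the result. */
char *make_long_name(size_t count)
{
    const char *suffix = ".txt";
    size_t suffix_len = strlen(suffix);
    char *s = malloc(count + suffix_len + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', count);
    memcpy(s + count, suffix, suffix_len + 1);
    return s;
}

int main(int argc, char **argv)
{
    char name[NAME_MAX_LEN];
    const char *arg = argc > 1 ? argv[1] : "notes.txt";

    if (open_document_safe(arg, name, sizeof name) != 0) {
        fprintf(stderr, "rejected: argument longer than %d bytes\n",
                NAME_MAX_LEN - 1);
        return 1;
    }
    printf("opening %s\n", name);
    return 0;
}
```

The point of the bounded version is that the length check happens before any byte is written, and the program fails closed (returns an error) rather than truncating, so a 3000-character argument never touches the stack buffer at all; the same discipline applies whether the binary runs as an ordinary user or as a privileged owner.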
