Attackers generally use buffer overflows to corrupt the execution stack of a web application. By sending
carefully crafted input to a web application, an attacker can cause the
web application to execute arbitrary code, possibly taking over the
machine. Attackers have managed to identify buffer overflows in a
staggering array of products and components.

Buffer overflow flaws can be present in both the web server and
application server products that serve the static and dynamic portions
of a site, or in the web application itself. Buffer overflows found in
commonly used server products are likely to become widely known and can
pose a significant risk to users of these products. When web
applications use libraries, such as a graphics library to generate
images or a communications library to send e-mail, they open themselves
to potential buffer overflow attacks.
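
The stack corruption described above comes from copying request input into a fixed-size buffer without checking its length. The following C sketch is an added example, not code from the original page: it shows that pattern beside a bounds-checked form that rejects oversized input. The names `field_len_unsafe`, `copy_field`, `field_accepted` and the size `FIELD_MAX` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16  /* constructed buffer size for this example */

/* Vulnerable pattern, shown for contrast and never called here: strcpy()
 * copies until the NUL byte, so input of FIELD_MAX bytes or more writes
 * past buf into neighbouring stack data such as the saved return address. */
size_t field_len_unsafe(const char *input) {
    char buf[FIELD_MAX];
    strcpy(buf, input);
    return strlen(buf);
}

/* Hardened form: measure the input against the destination size first and
 * reject anything that does not fit (no silent truncation).
 * Returns 0 on success, -1 on rejection. */
int copy_field(const char *input, char *dst, size_t dst_size) {
    if (input == NULL || dst == NULL || dst_size == 0)
        return -1;
    /* memchr stops at the first NUL or after dst_size bytes, whichever is first */
    const char *end = memchr(input, '\0', dst_size);
    if (end == NULL)
        return -1;                 /* no terminator within dst_size bytes: too long */
    size_t len = (size_t)(end - input);
    memcpy(dst, input, len + 1);   /* len + 1 <= dst_size, includes the NUL */
    return 0;
}

/* Helper: 1 if the value fits a FIELD_MAX-byte field, else 0. */
int field_accepted(const char *input) {
    char buf[FIELD_MAX];
    return copy_field(input, buf, sizeof buf) == 0;
}

int main(void) {
    /* Constructed sample inputs: a normal value and an oversized one. */
    const char *samples[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++)
        printf("%zu bytes -> %s\n", strlen(samples[i]),
               field_accepted(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The same length check applies to data handed to third-party libraries: validate sizes at the boundary before the library sees the input.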