The Rising Threat of Vulnerabilities Due to Integer Errors

Security&Privacy
2003
Issue No. 4 - July-August
Abstract - The Rising Threat of Vulnerabilities Due to Integer Errors

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Dave Ahmad

July-August 2003 (vol. 1 no. 4)

pp. 77-82

	ASCII Text	x
	Dave Ahmad, "The Rising Threat of Vulnerabilities Due to Integer Errors," IEEE Security and Privacy, vol. 1, no. 4, pp. 77-82, July-August, 2003.

	BibTex	x
	@article{ 10.1109/MSECP.2003.1219077, author = {Dave Ahmad}, title = {The Rising Threat of Vulnerabilities Due to Integer Errors}, journal ={IEEE Security and Privacy}, volume = {1}, number = {4}, issn = {1540-7993}, year = {2003}, pages = {77-82}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1219077}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security and Privacy TI - The Rising Threat of Vulnerabilities Due to Integer Errors IS - 4 SN - 1540-7993 SP77 EP82 EPD - 77-82 A1 - Dave Ahmad, PY - 2003 VL - 1 JA - IEEE Security and Privacy ER -

Dave Ahmad, Symantec

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1219077

Vulnerability research is largely driven by trends, which begin when new classes of vulnerabilities are discovered or innovative techniques for exploiting known classes of vulnerabilities are published. For example, when attackers demonstrate that they can exploit a certain type of programming error to compromise a system's security, the result is the immediate discovery of instances of that error present in software packages. In the last few years, two trends that have emerged are format-string bugs (vulnerabilities that are due to errors in the use of "printf()" functions), and heap-based memory corruption bugs (programming errors that resultin data corruption in the region of memory designated for dynamic memory allocation, or the "heap").Once techniques for exploiting these bugs were published, dozens of vulnerabilities were rapidly discovered, exploited, and fixed.

Citation:

Dave Ahmad, "The Rising Threat of Vulnerabilities Due to Integer Errors," IEEE Security and Privacy, vol. 1, no. 4, pp. 77-82, July 2003, doi:10.1109/MSECP.2003.1219077

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.