
Arbitrary code execution

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process.[1] An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE or RCX).

Arbitrary code execution signifies that if someone sends a specially designed set of data to a computer, they can make it do whatever they want. Even though this particular weakness may not cause actual problems in the real world, researchers have discussed whether it suggests a natural tendency for computers to have vulnerabilities that allow unauthorized code execution.[2]

Vulnerability types

There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example:

Methods

Arbitrary code execution is commonly achieved through control over the instruction pointer (such as a jump or a branch) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in RAM) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a von Neumann architecture) do not make a general distinction between code and data,[7][8] so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.[9][10]
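The no-execute mitigation only helps when no memory region is writable and executable at the same time, so a defender can audit a process for such regions. The following is an added example, not part of the original article: it assumes the Linux /proc/<pid>/maps text format, uses a constructed sample listing, and its function names (is_wx_line, count_wx_regions) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not from a real process). */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo\n"
    "7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0 \n"
    "7ffd4c1e0000-7ffd4c201000 rwxp 00000000 00:00 0 [stack]\n"
    "7ffd4c3f0000-7ffd4c3f2000 r-xp 00000000 00:00 0 [vdso]\n";

/* Return 1 if one maps line describes a region that is writable AND executable,
 * i.e. a place where injected input data could also be run as code. */
int is_wx_line(const char *line)
{
    unsigned long long start, end;
    char perms[5] = {0};

    if (sscanf(line, "%llx-%llx %4s", &start, &end, perms) != 3)
        return 0;                       /* not a mapping line */
    return perms[1] == 'w' && perms[2] == 'x';
}

/* Count W+X regions in a newline-separated maps listing. */
int count_wx_regions(const char *maps)
{
    int hits = 0;
    for (const char *line = maps; line && *line; ) {
        if (is_wx_line(line))
            hits++;
        line = strchr(line, '\n');      /* advance to the next line, if any */
        if (line)
            line++;
    }
    return hits;
}

int main(void)
{
    char line[512];
    FILE *f = fopen("/proc/self/maps", "r");    /* present on Linux only */

    printf("sample: %d W+X region(s)\n", count_wx_regions(SAMPLE_MAPS));
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f))         /* audit this process too */
        if (is_wx_line(line))
            printf("self W+X: %s", line);
    fclose(f);
    return 0;
}
```

A hardened process normally reports no such regions; a writable and executable stack or anonymous mapping is the condition the no-execute bit is meant to rule out.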

Combining with privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable.[11] For example, if exploiting a flaw in a web browser, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access).

To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.

Examples

Retrogaming hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in a tool-assisted superplay to cause a buffer overflow, allowing them to write to protected memory. At Awesome Games Done Quick 2014, a group of speedrunning enthusiasts managed to code and run versions of the games Pong and Snake in a copy of Super Mario World[12] by utilizing an out-of-bounds read of a function pointer that points to a user-controlled buffer to execute arbitrary code.

On June 12, 2018, Bosnian security researcher Jean-Yves Avenard of Mozilla discovered an ACE vulnerability in Windows 10.[13]

On May 1, 2018, a security researcher discovered an ACE vulnerability in the 7-Zip file archiver.[14]

PHP has been the subject of numerous ACE vulnerabilities.[15][16][17]

On December 9, 2021, an RCE vulnerability called "Log4Shell" was discovered in the popular logging framework Log4j, affecting many services including iCloud, Minecraft: Java Edition and Steam, and characterized as "the single biggest, most critical vulnerability of the last decade".[18][19]

References

  1. Team, KernelCare (25 January 2021). "Remote code execution attack: what it is, how to protect your systems". blog.kernelcare.com. Retrieved 2021-09-22.
  2. Johnson, Pontus (2021). "Intrinsic Propensity for Vulnerability in Computers? Arbitrary Code Execution in the Universal Turing Machine". arXiv:2105.02124.
  3. "Deserialization of untrusted data". owasp.org.
  4. "Understanding type confusion vulnerabilities: CVE-2015-0336". microsoft.com. 18 June 2015.
  5. "Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript". lgtm.com. 5 February 2019.
  6. "LDD arbitrary code execution".
  7. Gilreath, William F.; Laplante, Phillip A. (2003-03-31). Computer Architecture: A Minimalist Perspective. Springer Science & Business Media. ISBN 9781402074165.
  8. Reilly, Edwin D. (2003). Milestones in Computer Science and Information Technology. Greenwood Publishing Group. p. 245. ISBN 9781573565219.
  9. "Tech Insight: Execute Disable Bit (XD-Bit)" (PDF). Toshiba Polska. 2005. Archived from the original (PDF) on 2018-10-31. Retrieved 2018-10-31.
  10. "AMD has you covered" (PDF). AMD. 2012. Archived from the original (PDF) on Mar 5, 2019.
  11. "Remote Code Execution - an overview". ScienceDirect Topics. Retrieved 2021-12-05.
  12. Orland, Kyle (14 January 2014). "How an emulator-fueled robot reprogrammed Super Mario World on the fly". Ars Technica. Retrieved 27 July 2016.
  13. "Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability". Symantec. Archived from the original on October 31, 2018. Retrieved 2018-10-31.
  14. "A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution". New York State Office of Information Technology Services. Archived from the original on 2021-08-15. Retrieved 2018-10-31.
  15. "NVD - CVE-2017-12934". nvd.nist.gov. Retrieved 2018-10-31.
  16. "File Operation Induced Unserialization via the "phar://" Stream Wrapper" (PDF). Secarma Labs. 2018.
  17. "NVD - CVE-2017-12933". nvd.nist.gov. Retrieved 2018-10-31.
  18. "Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet". Ars Technica. December 9, 2021. Retrieved December 11, 2021.
  19. "Recently uncovered software flaw 'most critical vulnerability of the last decade'". The Guardian. 11 December 2021. Retrieved December 11, 2021.
