| Check Point Reference: |
SBP-2006-22 |
| Date Published: |
16 Jul 2006 |
| Severity: |
Critical
|
| Last Updated: |
Sunday 01 January, 2006 |
| Source: |
SmartDefense Research Center |
| Protection Provided by: |
|
| Who is Vulnerable? | Web servers
Web applications |
| Vulnerability Description |
Malicious Code Protector is a patent-pending technology from Check Point designed to detect buffer overflow attacks. Malicious Code Protector provides highly accurate and efficient detection of attacks through an analysis of executable code in a Virtual Server environment. Designed to detect even previously unknown attacks, customers gain protection for their applications before vulnerability can be exploited and before an attack can infect the target. |
| Vulnerability Details | Buffer overflow attacks target the way host machines handle input data and memory space. When an application is running on a host machine it allocates a certain portion of memory (the buffer) for input data to be placed. The problem arises, because while the buffer used by the application is a fixed size, the application itself may not restrict the amount of data that can be input into the buffer. For example, a programmer may expect data to be less than 26 bytes and will allocate the appropriate amount of memory. However, a user may input 27 bytes of data. The result is the application writes more data than is allocated in the buffer (the overflow) and corrupts the memory. |
Feedback