void print (char *str) { printf(str); } Call: print("%n") pops 4 bytes off the stack and makes them even accessible for writing (Wil05) |
•owl:Thing |
•Attack |
•Threat |
•Threat |
•Attack |
•ActiveAttack |
•MalformedInput |
•FormatStringAttack |
threatens SOME (_Confidentiality AND _Stack) |
threatens ONLY ((_Confidentiality OR _Integrity) AND _Stack) |
MalformedInput |
threatens SOME (_Integrity AND _Stack) |
Class(FormatStringAttack partial restriction(threatens someValuesFrom(intersectionOf(_Confidentiality _Stack))) restriction(threatens allValuesFrom(intersectionOf(unionOf(_Confidentiality _Integrity) _Stack))) MalformedInput restriction(threatens someValuesFrom(intersectionOf(_Integrity _Stack))))