void print (char *str) { printf(str); } Call: print("%n") pops 4 bytes off the stack and makes them even accessible for writing (Wil05) |
•owl:Thing |
•sec:Threat |
•sec:ActiveAttack |
•sec:MalformedInput |
•sec:FormatStringAttack |
sec:threatens SOME (sec:_Confidentiality AND sec:_Stack) |
sec:threatens ONLY ((sec:_Confidentiality OR sec:_Integrity) AND sec:_Stack) |
sec:MalformedInput |
sec:threatens SOME (sec:_Integrity AND sec:_Stack) |
Class(sec:FormatStringAttack partial restriction(sec:threatens someValuesFrom(intersectionOf(sec:_Confidentiality sec:_Stack))) restriction(sec:threatens allValuesFrom(intersectionOf(unionOf(sec:_Confidentiality sec:_Integrity) sec:_Stack))) sec:MalformedInput restriction(sec:threatens someValuesFrom(intersectionOf(sec:_Integrity sec:_Stack))))