Which of the following application attacks is used to gain access to SEH?
A.
Cookie stealing
B.
Buffer overflow
C.
Directory traversal
D.
XML injection
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
… Seriously, what book are they using??
0
0
SEH, do you mean “Structured Exception Handling”, and why?
0
0
I agree, this was nowhere in the study book I read…..
0
0
I think it may be a typo – as in SHE (short for shell)
0
0
Structured exception handling enables you to have complete control over the handling of exceptions, provides support for debuggers, and is usable across all programming so I guess Buffer overflow is trying to overwhelm..
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them
0
0
Structured Exception Handler = SEH
Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns.
If it has been altered, the program exits with a segmentation fault.
Microsoft’s implementation of “Data Execution Prevention” (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten.
• A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.
• Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information.
• Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
0
0