The Buffer Overrun Scenario
A marketing assistant at a medium-sized advertising firm is putting the finishing touches on a client's newsletter. She needs one more image to add to the newsletter before she sends it off to the printer. And she knows where to get it.
She logs onto her computer network, fires up her web browser, and goes in search of the clip art image she needs. The web site she finds is filled with all kinds of clip art for her software application. She chooses a clip art image and is directed to what she believes to be a legitimate download page, where she clicks the link to download the image.
However, the person who made the web site has embedded malicious code in the clip art image download page. Unknown to the user, Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability allows an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.
To make the malicious code run, all she had to do was request the download in her browser. This executes the buffer overrun code and allows the malicious code to give the attacker remote system-level access to her computer and her company's network.