Arbitrary code execution
This article needs additional citations for verification. (July 2017) (Learn how and when to remove this template message)
In computer security, arbitrary code execution (ACE) is used to describe an attacker's ability to execute arbitrary commands or code on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE).
Arbitrary code execution is commonly achieved through control over the instruction pointer (such as a jump or a branch) of a running process. The instruction pointer points to the next instruction in the process that will be executed. Control over the value of the instruction pointer therefore gives control over which instruction is executed next. In order to execute arbitrary code, many exploits inject code into the process (for example by sending input to it which gets stored in an input buffer in RAM) and use a vulnerability to change the instruction pointer to have it point to the injected code. The injected code will then automatically get executed. This type of attack exploits the fact that most computers (which use a Von Neumann architecture) do not make a general distinction between code and data, so that malicious code can be camouflaged as harmless input data. Many newer CPUs have mechanisms to make this harder, such as a no-execute bit.
Once the invader can execute arbitrary code directly on the OS, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie - but privilege escalation helps with hiding the attack from the legitimate administrator of the system. An arbitrary remote code execution with privilege escalation vulnerability in widely deployed software is thus the most powerful vulnerability of them all.
Retrogaming hobbyists have managed to find vulnerabilities in classic video games that allow them to execute arbitrary code, usually using a precise sequence of button inputs in order to cause a buffer overflow, allowing them to write to protected memory. At Awesome Games Done Quick 2014, a group of speedrunning enthusiasts managed to code and create a primitive version of the games Pong and Flappy Bird in a copy of Super Mario World by utilizing a buffer overflow to write arbitrary code to memory.
- Gilreath, William F.; Laplante, Phillip A. (2003-03-31). Computer Architecture: A Minimalist Perspective. Springer Science & Business Media. ISBN 9781402074165.
- Reilly, Edwin D. (2003). Milestones in Computer Science and Information Technology. Greenwood Publishing Group. ISBN 9781573565219.
- "Tech Insight: Execute Disable Bit (XD-Bit)" (PDF). toshiba.pl. 2005.
- "AMD has you covered" (PDF). amd.com. 2012.
- Orland, Kyle (14 January 2014). "How an emulator-fueled robot reprogrammed Super Mario World on the fly". arstechnica.com. Retrieved 27 July 2016.
- "Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability | Symantec". www.symantec.com. Retrieved 2018-10-31.
- "A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution". New York State Office of Information Technology Services. Retrieved 2018-10-31.
- "NVD - CVE-2017-12934". nvd.nist.gov. Retrieved 2018-10-31.
- "File Operation Induced Unserialization via the "phar://" Stream Wrapper" (PDF). Secarma Labs. 2018.
- "NVD - CVE-2017-12933". nvd.nist.gov. Retrieved 2018-10-31.