Arbitrary code execution

Source: Wikipedia, the free encyclopedia.
"Remote code execution" redirects here. For the science fiction novel, see RCE - Remote Code Execution.

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process.[1] An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE or RCX).

Arbitrary code execution signifies that if someone sends a specially designed set of data to a computer, they can make it do whatever they want. Even though this particular weakness may not cause actual problems in the real world, researchers have discussed whether it suggests a natural tendency for computers to have vulnerabilities that allow unauthorized code execution.[2]

Vulnerability types

There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example:

Methods

Arbitrary code execution is commonly achieved through control over the

no-execute bit.[9][10]

Combining with privilege escalation

Main article: Privilege escalation

On its own, an arbitrary code execution exploit will give the attacker the same privileges as the target process that is vulnerable.[11] For example, if exploiting a flaw in a web browser, an attacker could act as the user, performing actions such as modifying personal computer files or accessing banking information, but would not be able to perform system-level actions (unless the user in question also had that access).

To work around this, once an attacker can execute arbitrary code on a target, there is often an attempt at a privilege escalation exploit in order to gain additional control. This may involve the kernel itself or an account such as Administrator, SYSTEM, or root. With or without this enhanced control, exploits have the potential to do severe damage or turn the computer into a zombie—but privilege escalation helps with hiding the attack from the legitimate administrator of the system.

Examples

Awesome Games Done Quick 2014, a group of speedrunning enthusiasts managed to code and run versions of the games Pong and Snake in a copy of Super Mario World[12] by utilizing a buffer overflow to write arbitrary code to memory
.

On June 12, 2018, Bosnian security researcher Jean-Yves Avenard of Mozilla discovered an ACE vulnerability in Windows 10.[13]

On May 1, 2018, a security researcher discovered an ACE vulnerability in the 7-Zip file archiver.[14]

PHP has been the subject of numerous ACE vulnerabilities.[15][16][17]

On December 9, 2021, a RCE vulnerability called "

Minecraft: Java Edition and Steam, and characterized as "the single biggest, most critical vulnerability of the last decade".[18][19]

See also

References

  1. ^ Team, KernelCare (25 January 2021). "Remote code execution attack: what it is, how to protect your systems". blog.kernelcare.com. Retrieved 2021-09-22.
  2. arXiv:2105.02124. {{cite journal}}: Cite journal requires |journal= (help
    )
  3. ^ "Deserialization of untrusted data". owasp.org.
  4. ^ "Understanding type confusion vulnerabilities: CVE-2015-0336". microsoft.com. 18 June 2015.
  5. ^ "Exploiting CVE-2018-19134: remote code execution through type confusion in Ghostscript". lgtm.com. 5 February 2019.
  6. ^ "LDD arbitrary code execution".
  7. ISBN 9781402074165
    .
  8. ISBN 9781573565219
    .
  9. ^ "Tech Insight: Execute Disable Bit (XD-Bit)" (PDF). Toshiba Polska. 2005. Archived from the original (PDF) on 2018-10-31. Retrieved 2018-10-31.
  10. ^ "AMD has you covered" (PDF). AMD. 2012. Archived from the original (PDF) on Mar 5, 2019.
  11. ^ "Remote Code Execution - an overview". ScienceDirect Topics. Retrieved 2021-12-05.
  12. ^ Orland, Kyle (14 January 2014). "How an emulator-fueled robot reprogrammed Super Mario World on the fly". Ars Technica. Retrieved 27 July 2016.
  13. ^ "Microsoft Windows CVE-2018-8213 Arbitrary Code Execution Vulnerability". Symantec. Archived from the original on Oct 31, 2018. Retrieved 2018-10-31.
  14. ^ "A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution". New York State Office of Information Technology Services. Archived from the original on 2021-08-15. Retrieved 2018-10-31.
  15. ^ "NVD - CVE-2017-12934". nvd.nist.gov. Retrieved 2018-10-31.
  16. ^ "File Operation Induced Unserialization via the "phar://" Stream Wrapper" (PDF). Secarma Labs. 2018.
  17. ^ "NVD - CVE-2017-12933". nvd.nist.gov. Retrieved 2018-10-31.
  18. ^ "Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet". Ars Technica. December 9, 2021. Retrieved December 11, 2021.
  19. ^ "Recently uncovered software flaw 'most critical vulnerability of the last decade'". The Guardian. 11 December 2021. Retrieved December 11, 2021.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Arbitrary_code_execution&oldid=1218549420"