Hot New OS Flaw: Integer Overflow

This may come as a surprise: Integer overflow is now one of the biggest vulnerabilities reported in vendor operating systems.

Buffer overflow maintains its top ranking as the most exploited security flaw in operating systems, but integer overflows are now at number two, according to Mitre's latest Common Vulnerabilities and Exposures (CVE) report.

"If 'smashing the stack'-style buffer overflows were the first wave of serious exploitable problems, and heap overflows were the second wave, integer overflows are the third wave," says Thomas Ptacek, a researcher with Matasano Security. "Developers have gotten more careful about the first two problems, so auditors moved on."

Source: Dark Reading - Desktop Security - Hot New OS Flaw: Integer Overflow - Security News Analysis

Linked by shanmuga Wednesday, 11th October 2006 3:24AM