Arbitrary code

From Wikipedia, the free encyclopedia

In computer security, arbitrary code is executable code introduced externally that runs despite the intent of the original programmer. The code is injected into a currently running application or its memory space, thus making the application execute the code.

The term is most often seen in the phrase arbitrary code execution when describing types of security vulnerability found in software. This is considered the worst possible security vulnerability. The arbitrary code introduced can be used to install a computer virus, spyware, a trojan horse, a program that erases or scrambles data on the hard disk, or any other sort of malware.

This type of injection normally occurs as a result of application bugs involving buffer overflows, or can be caused by attacks that exploit stack overflows, heap overflows, integer overflows, or format string bugs.
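Two of the bug classes named above often chain: an integer overflow in a size calculation yields an undersized heap buffer, which the following copy then overruns. The added example below (not part of the original article; the record layout and all function names are hypothetical) shows the wrapping calculation beside a parser that validates the header before allocating or copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example:
 * [count: uint32, little-endian][count * ITEM_SIZE bytes of items] */
#define ITEM_SIZE 16u
#define HDR_SIZE  4u

/* Flawed size calculation: 32-bit arithmetic wraps, so a huge count
 * produces a tiny allocation size and the later copy overruns the heap. */
uint32_t alloc_size_unchecked(uint32_t count) {
    return count * ITEM_SIZE;
}

/* Hardened parser: validates the header before allocating or copying.
 * Returns a heap buffer the caller must free, or NULL on bad input. */
uint8_t *copy_items(const uint8_t *msg, size_t msg_len, uint32_t *count_out) {
    if (msg == NULL || count_out == NULL || msg_len < HDR_SIZE)
        return NULL;
    uint32_t count = (uint32_t)msg[0] | (uint32_t)msg[1] << 8 |
                     (uint32_t)msg[2] << 16 | (uint32_t)msg[3] << 24;
    if (count == 0 || count > UINT32_MAX / ITEM_SIZE)
        return NULL;                      /* product would wrap */
    size_t need = (size_t)count * ITEM_SIZE;
    if (need > msg_len - HDR_SIZE)
        return NULL;                      /* header claims more than was sent */
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    memcpy(buf, msg + HDR_SIZE, need);
    *count_out = count;
    return buf;
}

int main(void) {
    /* Constructed input: header claims 0x10000001 items, only 16 bytes follow. */
    uint8_t bad[HDR_SIZE + ITEM_SIZE] = {0x01, 0x00, 0x00, 0x10};
    uint32_t n = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0x10000001u));
    printf("hardened parser %s\n",
           copy_items(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

Building with `-fsanitize=address` during testing surfaces any remaining out-of-bounds copy at the point it happens.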