2 Replies Latest reply on Apr 2, 2014 9:12 PM by Hayton

    How do I unblock a program blocked by a buffer overflow?

    jkiernan7

      Using  Antivirus Plus 12.8.934.

       

      I have a program that supposedly had a buffer overflow that McAfee caught.  This program is now blocked from running.

       

      How do I unblock this trusted program so that it will run?

       

      Temporarily turning off both the firewall and Runtime Scanning still does not let the program run.

       

       

      Message was edited by: jkiernan7 on 4/1/14 11:42:41 PM CDT
        • 1. Re: How do I unblock a program blocked by a buffer overflow?
          jkiernan7

          I am not sure if things are supposed to work this way, but rebooting the computer seems to have unblocked the trusted application, at least for one run....

          • 2. Re: How do I unblock a program blocked by a buffer overflow?
            Hayton

            A buffer overflow will be detected by McAfee and the program will be blocked. This is to protect your system from the undefined effects of data beyond the end of the input buffer overwriting memory. If that happens one of three things will follow : you get a system crash (a BSOD, most likely); the application will crash with a strange error; or, and this is something you really don't want, the data will turn out to be malicious code which, being written into memory, will immediately do something unpleasant.

             

            What Mcafee is doing is basic protection against malware attacks. If the program you're running is one that you need and trust, you should check to see whether you've got the latest version. Buffer overflows are or should be patched by the software vendor as soon as they're reported - Microsoft rolls out this kind of patch every month. If the company who produced the software don't yet know about this bug, you should inform them of what's happened so they can get a fix out.

             

            Too many software developers fail to sanitise their inputs. It's one of the chief causes of program errors and software vulnerabilities.

             

            Re-booting and running the program successfully may just mean you were lucky with the inputs this time.