In the computer there is a place called "buffer", he is used to store the data entered by the user, the length of the buffer is pre-set, if the user input data more than the length of the buffer, then the overflow, and these overflow data will be covered in the legitimate data, which is like a cup of water. The reason for filling the water, water more than the cup can not be filled, of course, will be overflowed! Buffer overflow vulnerabilities are mainly caused by the fact that many software programs do not check their buffers.
If the overflowed data is a command like "net user 5616 123/add", what will happen if it is executed? (.....) So using buffer overflow is a good way to attack. Common overflow attacks such as: Microsoft's MS-04011 remote buffer overflow vulnerability. The use of this vulnerability will be able to obtain the other side of the SHELL, and this vulnerability has been used by many people to invade, the success rate is very high, but now people are a bit of security consciousness, are patched up the vulnerability, and now very few of such vulnerabilities in the machine.