Hello, the question is how non-executable exploits work. When I say non-executable I mean those that don't have the file extension .exe, like Word exploits (.doc) or others. How do they perform some executable action if they are not compiled?
That varies from exploit to exploit.
While .doc isn't an executable format, it does contain interpreted VBA code, which is generally where the malicious content was hidden. When you opened the document, there would be an onOpen event or some such fired, which would execute the malicious payload. Hence why most Office installations have macros disabled by default these days: far too much scope for abuse.
There are also plenty of things that will run on your system without being a .exe, for example .com, .vbs, .hta.
Then there are formats which have no normal executable content but can be attacked in other ways, usually by taking advantage of poorly written routines for loading the files, which can allow things like buffer overflows.
The other way is to exploit bugs in the code that handles those files. Often this will be a 'buffer overflow'. Perhaps the code is expecting a header of 100 bytes, but the malicious file has 120 bytes. That causes the program to overwrite some other data in its memory, and if you can smash the 'stack' with your extra bytes it's possible to redirect the processor to 'payload' code embedded in your file.
Google "buffer overflow exploit" for more.
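The missing length check described in the answer above, shown beside its fix, as an added example that is not part of the original posts. The 100-byte and 120-byte figures come from the answer; the 128-byte memory model, the 0xAA marker and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of loader memory: bytes 0..99 are the header slot,
 * bytes 100..127 are unrelated program data, marked with 0xAA. */
#define HEADER_SIZE 100
#define REGION_SIZE 128

/* Flawed loader: copies as many bytes as the file supplies. */
static void load_unchecked(unsigned char *mem, const unsigned char *f, size_t len) {
    if (len > REGION_SIZE) len = REGION_SIZE;  /* keeps the model itself in bounds */
    memcpy(mem, f, len);
}

/* Hardened loader: refuses any header larger than the slot. */
static int load_checked(unsigned char *mem, const unsigned char *f, size_t len) {
    if (len > HEADER_SIZE) return -1;
    memcpy(mem, f, len);
    return 0;
}

/* Number of bytes past the header slot that no longer hold the marker. */
static size_t adjacent_changed(const unsigned char *mem) {
    size_t n = 0;
    for (size_t i = HEADER_SIZE; i < REGION_SIZE; i++)
        if (mem[i] != 0xAA) n++;
    return n;
}

/* Feeds a constructed 120-byte header to one loader and reports the damage. */
size_t demo(int use_checked, int *rc) {
    unsigned char file[120], mem[REGION_SIZE];
    memset(file, 0x41, sizeof file);
    memset(mem, 0x00, HEADER_SIZE);
    memset(mem + HEADER_SIZE, 0xAA, REGION_SIZE - HEADER_SIZE);
    *rc = 0;
    if (use_checked) *rc = load_checked(mem, file, sizeof file);
    else load_unchecked(mem, file, sizeof file);
    return adjacent_changed(mem);
}

int main(void) {
    int rc;
    size_t bad = demo(0, &rc);
    printf("unchecked loader: %zu adjacent bytes overwritten\n", bad);
    bad = demo(1, &rc);
    printf("checked loader: %zu overwritten, rc=%d\n", bad, rc);
    return 0;
}
```

In a real process the bytes after the buffer may be saved registers or a return address, which is why the rejected-on-length path is the one a file parser needs.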