Editing Buffer overflow (section)

===Barriers to exploitation===

Manipulation of the buffer, which occurs before it is read or executed, may lead to the failure of an exploitation attempt. These manipulations can mitigate the threat of exploitation, but may not make it impossible. Manipulations could include conversion to upper or lower case, removal of [[metacharacter]]s and filtering out of non-[[alphanumeric]] strings. However, techniques exist to bypass these filters and manipulations, such as [[alphanumeric shellcode]], [[polymorphic code]], [[self-modifying code]], and [[return-to-libc attack]]s. The same methods can be used to avoid detection by [[intrusion detection system]]s. In some cases, including where code is converted into [[Unicode]],<ref>{{cite web |url=http://www.net-security.org/dl/articles/unicodebo.pdf |title=Creating Arbitrary Shellcode In Unicode Expanded Strings |access-date=2007-05-15 |url-status=dead |archive-url=https://web.archive.org/web/20060105041036/http://www.net-security.org/dl/articles/unicodebo.pdf |archive-date=2006-01-05 }}</ref> the threat of the vulnerability has been misrepresented by the disclosers as only Denial of Service when in fact the remote execution of arbitrary code is possible.