Revision as of 07:59, 12 August 2024 edit Tikmok (talk \| contribs) Extended confirmed users 2,095 edits Clarify that physical access is one of the possibility ← Previous edit		Revision as of 08:13, 12 August 2024 edit undo Tikmok (talk \| contribs) Extended confirmed users 2,095 edits →Classification: arbitrary paragraph grouping Next edit →
Line 11: A ''remote exploit'' works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A ''local exploit'' requires prior access or physical access to the vulnerable system, and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with a client application. A common form of exploits against client applications are [[browser exploit]]s. Exploits against client applications may also require some interaction with the user and thus may be used in combination with the [[social engineering (security)\|social engineering]] method. ~~Exploits against client applications may also require some interaction with the user and thus may be used in combination with the [[social engineering (security)\|social engineering]] method.~~ Another classification is by the action against the vulnerable system; unauthorized data access, arbitrary code execution, and denial of service are examples. Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches the highest administrative level (often called "root"). In this case the attacker is chaining several exploits together to perform one attack, this is known as an exploit chain.

Exploit (computer security): Difference between revisions