http://it.slashdot.org/article.pl?sid=05/02/28/1259211&from=rss

You got it write, except that overwriting other data can be just as bad as overwriting executable code:

char buffer[100];
int dataHasBeenVirusChecked = 0;


gets(buffer);

if (dataHasBeenVirusChecked)
{ sendAsEmailAttachment(buffer); }

In this case, if "buffer" gets overfilled just so, then the program may incorrectly believe that the data it contains is safe to operate on even though it might not be. Remember, folks, there are other ways to exploit an overflowable buffer then the standard "write executable code to stack and jump to it" method.