Malicious and other unwanted objects may include both executable objects, which themselves contain executable code, and malicious static objects that are intended to be loaded by a parent process and then to infect the parent process. In one example, a malicious object exploits a security flaw found in a specific version of a software package. For example, a specific version may include a flaw that permits a stack corruption exploit in which a malicious object overwrites a return address of a subroutine call with the address of a malware routine. When the subroutine pops the return address from its stack and issues a “RETURN” instruction, control is passed to the malware routine.
Such exploits rely on flaws that may be found only in very specific versions of a package, and must assume that exact version number (or at least a version with the exact flaw). If the malware object tries to execute in conjunction with a version in which the flaw has been patched, a software exception may occur. Malware often makes use of undocumented internal structures to exploit vulnerabilities in software. As a result, malware may also trigger exceptions due to incorrect assumptions about the internal layout of data structures. The exception may simply cause the program to crash, in which case the user may think the file is corrupted, and never detect the malicious intent of the object.
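The version dependence described above can be seen in a small simulation, added here as an illustration and not taken from the original text. It models a subroutine's stack frame as a byte array, so no real memory is corrupted; the addresses, the struct version fields and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum outcome { RET_NORMAL, RET_HIJACKED, RET_FAULT };
#define FRAME_SIZE   64
#define ADDR_CALLER  0x1000u  /* constructed: legitimate return address */
#define ADDR_PAYLOAD 0x2000u  /* constructed: address the object targets */

/* One simulated package version: size of the local buffer, offset of the
   saved return address in the frame, and whether the copy is bounds-checked. */
struct version { size_t buf_len; size_t ret_off; int patched; };

/* Model of the subroutine: copy object data into the local buffer, then
   "return" to whatever address is stored in the return slot. */
enum outcome load_object(const struct version *v, const uint8_t *obj, size_t n)
{
    uint8_t frame[FRAME_SIZE] = {0};
    uint32_t ret = ADDR_CALLER;
    memcpy(frame + v->ret_off, &ret, sizeof ret);   /* saved return address */
    size_t limit = v->patched ? v->buf_len : FRAME_SIZE; /* flaw: buf_len ignored */
    if (n > limit) n = limit;
    memcpy(frame, obj, n);                          /* may run past buf_len */
    memcpy(&ret, frame + v->ret_off, sizeof ret);   /* "pop" the return address */
    if (ret == ADDR_CALLER)  return RET_NORMAL;
    if (ret == ADDR_PAYLOAD) return RET_HIJACKED;
    return RET_FAULT;                               /* wild address: exception */
}

/* Build the object: filler bytes, then the target address placed at the
   offset its author assumed for the return slot. */
size_t craft_object(uint8_t *out, size_t assumed_off)
{
    uint32_t target = ADDR_PAYLOAD;
    memset(out, 0x41, assumed_off);
    memcpy(out + assumed_off, &target, sizeof target);
    return assumed_off + sizeof target;
}

/* Load an object built for assumed_off into the given version. */
enum outcome run_case(size_t buf_len, size_t ret_off, int patched, size_t assumed_off)
{
    struct version v = { buf_len, ret_off, patched };
    uint8_t obj[FRAME_SIZE];
    return load_object(&v, obj, craft_object(obj, assumed_off));
}

int main(void)
{
    printf("flawed=%d patched=%d relaid=%d\n", run_case(16, 16, 0, 16),
           run_case(16, 16, 1, 16), run_case(12, 12, 0, 16));
    return 0;
}
```

The same object yields three different outcomes: a hijacked return on the version it was built for, a normal return where the copy is bounds-checked, and a fault where the return slot sits at a different offset. That last case is the crash a user may mistake for a corrupted file.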