Invalid values are used to cause unanticipated behavior.
Examples include system calls with pointer values leading to unauthorized
memory areas and requests for data from databases using system escape
characters to cause interprocess communications to operate improperly.
Complexity: In most cases, only a few hundred well-considered attempts are
required to find a successful attack of this sort against a program. No
mathematical theory exists for analyzing this in more detail, but a
reasonable suspicion would be that several hundred common failings make up
the vast majority of this class of attacks and that those sorts of flaws
could be systematically attempted. There is some speculation that software
[Lyu95] could be used to discover such flaws, but no
definitive results have been published to date.