You know how we were talking about a return address from a function? Basically, you put your own code (can do anything you want it to do) into the memory and get its memory address. Then you do a buffer overflow and when you get to the return address "field", instead of putting crap in it, you put in the memory address of the code that you put into the memory yourself.

This code can do whatever you want it to do, such as start a shell (quite a common one). But that's only an example.

ac