QUESTION 4 A user program written in C/C++ language has among its code, a variable "A" declared as an 8byte long string buffer. When the program is compiled, the variable "A" is initialized with a null string and given a memory location which happens to lie adjacent to a memory location that was reserved for an operating system code containing the 4-byte pattern " 001Co00A " (in hexadecimal), as illustrated in Table 1 below. In context, this 4-byte pattern represents two parts: the first 2-byte code " 001C " is an instruction telling the processor to jump to a number of memory locations forward given by the second 2 -byte code. Therefore, as an example the 4-byte code " 001C000A " means processor must jump to 000 A (or 10 in decimal) memory locations forward. Typically, older generation high-level programming languages like ClC+ do not provide any built-in protection against accessing or overwriting data in any part of the RAM memory or that can automatically check data written to a buffer's memory is within the bounds of the declared variable, unless specified by the programmer's own codes. Assume the programmer did not develop any additional code to check the length of a string that may be inserted by a user to update the " A "variable. a) If the program above attempts to store a string say, " Securities " as the value for " A " variable, update the new contents of all the memory locations in Table 1 below. (10 marks) b) Determine what would subsequently happen when the user program is executed by the processor after the above string in 4 (a) is stored in the respective memory locations. (6 marks) c) Assess how an attacker could exploit this as a vulnerability for him/her to develop a malicious code. Describe TWO (2) types of harm it can cause to the program or IT system. (9 marks)