For instance, Chrome isn't a server application...it's a client side application, running with the user's credentials. It's pretty obvious from your confusion of different topics that you don't know what you're talking about. A client app is not the same as a server app and a buffer overflow doesn't allow you to "attack the OS/Kernel" - you're confusing USB/Smartcard exploits with buffer overflows. There's this thing called user mode and this thing called kernel mode on operating systems...Apache runs in user mode - to exploit kernel mode code you'd have to attack the underlying hardware - which presumably you're blind to since you're external to the system. So if - for instance - you were trying to exploit a scanf function on the hardware to buffer overflow that bit, you'd have to have a pretty good fingerprint of the system you're attacking since you'd want to know the file system drivers in question...People who say in that scenario, where someone has to stack multiple exploits to have a shot at doing anything to your server and where they want to do it without monitoring or firewalls or IDS systems killing their connection...that the attacker has the advantage...are just giving a weak and lazy cop out.
Anyway, whatever, learn something or keep being an idiot - up to you.
Edited 3 time(s). Last edit at 04/03/2014 10:50AM by Death_Claw.