Which attack uses legitimate pieces of code to execute operations in a harmful manner?


The return-oriented attack (ROA) leverages existing executable code segments in memory, known as "gadgets," to perform unintended operations. This type of attack is particularly insidious because it does not rely on injecting new code but instead manipulates legitimate pieces of code that are already part of the application's environment. By chaining these gadgets together, an attacker can redirect the control flow of a program to execute harmful functions while bypassing security mechanisms that monitor for the introduction of new, malicious code.

Typically, return-oriented attacks are aimed at exploiting vulnerabilities such as buffer overflows, where the attacker can control the stack and manipulate the return addresses to point to the gadgets. This highlights the effectiveness of the method: since it utilizes code that is already present and deemed legitimate by the system, it has a greater chance of evading detection by traditional security measures.

On the other hand, replay attacks involve intercepting and reusing valid data transmissions in order to gain unauthorized access or perform actions without the legitimate user's knowledge. Denial of service attacks aim to incapacitate services or networks rather than exploit code directly, and cross-site scripting (XSS) involves injecting malicious scripts into content from otherwise trusted websites; none of these represents the reuse of legitimate code for malicious purposes.
