
Indirect overflow via pointer

The indirect overflow via pointers [4] overflows a buffer to overwrite a pointer, which is subsequently used to overwrite a code pointer. With this technique it is possible to overwrite the return address without altering the StackGuard canary word, since the code pointer is written through the corrupted pointer rather than by the overflow itself. It is also possible to overwrite a memory area that is far from the overflowed buffer. Bulba and Kil3r [4] give examples that bypass StackGuard, StackShield and Solar Designer's stack patch.
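As an added illustration that is not part of the paper or of [4], the following C model shows the data layout the technique depends on: an unchecked copy spills past a buffer into an adjacent data pointer while leaving the canary untouched, and a later write through that pointer lands wherever the spilled bytes point; a length-checked copy is shown beside it. The frame layout, the canary value and all names are constructed for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of one stack frame, not a real one: a 16-byte buffer,
 * then a local data pointer, then the StackGuard canary that sits just below
 * the saved return address.  One byte array keeps every write well-defined C. */
#define BUF_SZ   16
#define PTR_OFF  BUF_SZ
#define CAN_OFF  (BUF_SZ + sizeof(void *))
#define FRAME_SZ (CAN_OFF + sizeof(uint32_t))

struct frame { unsigned char bytes[FRAME_SZ]; };
static const uint32_t CANARY = 0x0aff0d00u;   /* constructed canary value */

static void frame_init(struct frame *f, int *p) {
    memset(f->bytes, 0, FRAME_SZ);
    memcpy(f->bytes + PTR_OFF, &p, sizeof p);
    memcpy(f->bytes + CAN_OFF, &CANARY, sizeof CANARY);
}
static int *frame_ptr(const struct frame *f) {
    int *p; memcpy(&p, f->bytes + PTR_OFF, sizeof p); return p;
}
static int canary_intact(const struct frame *f) {
    uint32_t c; memcpy(&c, f->bytes + CAN_OFF, sizeof c); return c == CANARY;
}
/* Vulnerable pattern: trusts the caller's n and copies all of it. */
static void copy_unchecked(struct frame *f, const unsigned char *in, size_t n) {
    memcpy(f->bytes, in, n);
}
/* Hardened pattern: refuses any input that would spill past the buffer. */
static int copy_checked(struct frame *f, const unsigned char *in, size_t n) {
    if (n > BUF_SZ) return -1;
    memcpy(f->bytes, in, n);
    return 0;
}
/* Feeds both copies a constructed 24-byte input: 16 filler bytes, then 8 bytes
 * that overlay the pointer slot.  Returns 1 when the unchecked copy redirected
 * the pointer (the later write hit 'other', not 'legit') with the canary
 * untouched, and the checked copy rejected the same input. */
int demo_indirect_overflow(void) {
    int legit = 0, other = 0, *redirect = &other, spilled, rejected;
    unsigned char in[BUF_SZ + sizeof(void *)];
    struct frame f;
    memset(in, 'A', BUF_SZ);
    memcpy(in + BUF_SZ, &redirect, sizeof redirect);
    frame_init(&f, &legit);
    copy_unchecked(&f, in, sizeof in);
    *frame_ptr(&f) = 1;                       /* the subsequent indirect write */
    spilled = (other == 1 && legit == 0 && canary_intact(&f));
    frame_init(&f, &legit);
    rejected = (copy_checked(&f, in, sizeof in) == -1);
    return spilled && rejected;
}
```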