Tech

What is Remote Code Execution?

What is Remote code execution (RCE)?

A simple web search brings up a Wikipedia page on Arbitrary code execution (ACE).

According to Wikipedia:

In computer security, arbitrary code execution (ACE) is an attacker’s ability to execute arbitrary commands or code on a target machine or in a target process.

An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution.

A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit.

The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE).

via WIkipedia

Hmmm. That’s a lot to take in, right? So right now, there’s a few alarm bells and red flags swirling around in my head.

Let’s pull up the definition of ‘arbitrary’ to be sure we’re all on the same page:

arbitrary–based on random choice or personal whim, rather than any reason or system.; (of power or a ruling body) unrestrained and autocratic in the use of authority.; (mathematics)(of a constant or other quantity) of unspecified value.

Initially I automatically applied the first definition of ‘arbitrary’ being based on random choice. But after reading about the ACE (Arbitrary code execution) is seems that ACE would provide a threat actor (i.e. a bad person!) with “unrestrained and autocratic in the use of authority”, or in other words, total use of a targeted computer in order to execute commands. That can be a bad thing when combined with the malicious intent of threat actors.

So! Now we take this mixture of ‘arbitrary’ and ‘code execution’ and the ‘remote’ nature of networks and we brew up “Remote Code Execution”, a very potent and powerful tool that in itself isn’t inherently bad, BUT mixed with malicious human intent USUALLY leads to very negative consequences & outcomes.