Shooting Back Xterms
Step-by-Step
¨Attacker configures his own machine to accept incoming X sessions from the target machine via “xhost +victim” ¨Attacker overflows the buffer of vulnerable program on the target machine with  shell command to run the Xterm program and directing the display to the attacker’s machine ¨Commands typed by attacker into Xterm are executed on the victim machine.