Correct Answer: A
An attacker can exploit a buffer overflow to execute arbitrary code by modifying a function's return address.
A buffer overflow is a condition that occurs when a program attempts to write more data to a fixed-length memory space, or buffer, than it can hold. A buffer overflow can corrupt the adjacent memory locations, which may contain important data or instructions for the program. A function's return address is the memory location that stores the address of the instruction that the program should return to after executing the function.
An attacker can overwrite the return address with the address of a malicious code, which can be injected into the buffer or another location, and redirect the program flow to execute the malicious code. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Software Development Security, page 427; [Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 8: Software Development Security, page 567]