I have an upcoming exam for a Security course. The following question has come up a couple times in past exams and I could use some help formulating an answer.
Suppose a user downloads an unsigned application software (say an email client) from the Internet. If an attacker is able to inject any arbitrary code into the application, explain with examples how this may compromise confidentiality, integrity and availability of the end user's computer system?
My attempts at answering: Availability: The attacker could launch a DoS attack by injecting lots of data through the application, destined for the user's computer, causing it to crash due to too much traffic.
Struggling to think of ways the attacker could compromise Confidentiality and Integrity and would appreciate some help making a start on these.