I knew about the Metasploit Framework for a few years, but I never really got into it. I have some knowledge when it comes to networks, but I am not a Pro. I've tested some things with Metasploit and I was curious about one thing. (please correct me if I'm wrong)
Let's say that Microsoft is releasing a new version of Internet Explorer. Somebody finds a vulnerability (buffer overflow), and with Metasploit (not only Metasploit, but yeah), I set the exploit, set the payload, set the parameters, type exploit, and I got a meterpreter shell.
Ok, Internet Explorer has a vulnerability, but how is the connection between the exploit and the payload made? From what I know a buffer overflow is just something that is crashing the application, but how does it go from crashing an application to a connection back to the hacker's computer?