Which coding vulnerability is characterized by allowing an attacker to execute arbitrary code on a system?

The coding vulnerability that allows an attacker to execute arbitrary code on a system is indeed buffer overflow. This vulnerability occurs when a program writes more data to a block of memory, or buffer, than it was allocated for that buffer. When this overflow happens, it can overwrite adjacent memory, which might include control data, like function pointers or return addresses. By carefully crafting the input that causes the overflow, an attacker can manipulate the program's execution flow and potentially inject and execute malicious code.

Buffer overflows have been a well-documented issue in various programming languages that do not adequately protect against writing data outside of allocated buffers, notably C and C++. They are particularly dangerous because they can lead to full system compromise, giving attackers the ability to execute arbitrary commands or gain elevated privileges on the affected system.

In contrast, cross-site scripting primarily affects web applications by allowing attackers to inject scripts into trusted websites, insecure cryptographic storage involves weaknesses in how data is encrypted and stored, and improper error handling refers to the failure of an application to manage errors securely, which can lead to information disclosures but does not directly allow for code execution like buffer overflow does.