Buffer overflows have been the most common form of security vulnerability in the last ten years. More over, buffer overflow vulnerabilities dominate in the area of remote network penetration vulnerabilities, where an anonymous Internet user seeks to gain partial or total control of a host. Because these kinds of attacks enable anyone to take total control of a host, they represent one of the most serious classes security threats. Buffer overflow attacks form a substantial portion of all security attacks simply because buffer overflow vulnerabilities are so common  and so easy to exploit [30, 28, 35, 20]. However, buffer overflow vulnerabilities particularly dominate in the class of remote penetration attacks because a buffer overflow vulnerability presents the attacker with exactly what they need: the ability to inject and execute attack code. The injected attack code runs with the privileges of the vulnerable program, and allows the attacker to bootstrap whatever other functionality is needed to control (“own” in the underground vernacular) the host computer.
For instance, among the five “new” “remote tolocal” attacks used in the 1998 Lincoln Labs intrusion detection evaluation, three were essentially social engineering attacks that snooped user credentials, and two were buffer overflows. 9 of 13 CERT advisories from 1998 involved buffer overflows  and at least half of 1999 CERT advisories involve buffer overflows . An informal survey on the Bugtraq security vulnerability mailing list  showed that approximately 2/3 of respondents felt that buffer overflows are the leading cause of security vulnerabilitySeminar By Crispin Cowan, Perry Wagle, Calton Pu,Steve Beattie, and Jonathan Walpole, Department of Computer Science and Engineering
Reference : http://www.ece.cmu.edu/~ece732/readings/cowan-vulnerability.pdf