Ok but it is a lot more "gapped". A buffer overflow vulnerability is a lot more unlikely to be exploitable if you can't extend arbitrarily the amount of data passed and you have very little room to manipulate it (and it is so if the target has at least a vague knowledge of the format of the data).