The embodiment of the invention discloses a protection method, a device and a system of buffer overflow attacks; the method comprises the following steps that: a randomizing management drive is loaded in a memory in the mode of a Windows core; the randomizing management drive is linked with an application program interface API function which is arranged in the Windows core and related to the memory allocation, and parameters of the API function are modified to randomize a base address allocated by the memory. Therefore the range of the attacks caused by the overflow of a protection buffer area is further expanded, and the effect is better.