Hacker News

If you can execute code, you could certainly do that, even on 64-bit.

The problem is executing code in the first place. There are other mechanisms in place that can prevent a crash from turning into direct code execution (the NX bit). To circumvent those, you can use Return Oriented Programming (ROP), where you prepare the stack such that you jump into a loaded library or other (completely innocent!) code in memory. The problem then is that you need to know where the code you want to jump to resides in memory, and that's where ASLR comes in. With ASLR, modules are randomly allocated in memory and an attacker can't predict where the code he wants to jump to resides.

(ROP is a pretty fascinating topic in itself. The problem is essentially that you are given a bunch of assembly, and your task is to figure out how to use and combine it into gadgets that emulate generic computing functionality (pop a value from the stack, push a value to the stack, call a function, ...) such that you can build your shellcode from those gadgets.)
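An added example, not part of the comment above or of any project: a small C program that does the two things the comment describes. It searches a byte blob for the byte patterns of `pop rdi; ret`, `pop rsi; ret` and `syscall; ret` (the standard x86-64 encodings 5f c3, 5e c3 and 0f 05 c3) the way ROP tooling locates gadgets, then lays those gadget addresses out as a fake stack. The code bytes are constructed for this example and stand in for a library's .text section; the "stack" is an ordinary array, nothing is executed. Every chain entry is the library's load address plus a gadget offset, which is exactly the quantity ASLR randomises: the offsets are stable, the base is not, so without a leak of the base the chain is useless.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed x86-64 code bytes standing in for a mapped library's .text
 * section. Made up for this example; not taken from any real binary. */
static const uint8_t sample_text[] = {
    0x55,                   /* push rbp                          */
    0x48, 0x89, 0xe5,       /* mov  rbp, rsp                     */
    0x5f,                   /* pop  rdi    <- gadget at offset 4  */
    0xc3,                   /* ret                               */
    0x90, 0x90,             /* nop; nop                          */
    0x5e,                   /* pop  rsi    <- gadget at offset 8  */
    0xc3,                   /* ret                               */
    0x48, 0x31, 0xc0,       /* xor  rax, rax                     */
    0x0f, 0x05,             /* syscall     <- gadget at offset 13 */
    0xc3,                   /* ret                               */
    0x5d,                   /* pop  rbp                          */
    0xc3,                   /* ret                               */
};

/* Byte patterns of the gadgets the chain needs (standard x86-64 encodings). */
static const uint8_t pat_pop_rdi_ret[] = {0x5f, 0xc3};
static const uint8_t pat_pop_rsi_ret[] = {0x5e, 0xc3};
static const uint8_t pat_syscall_ret[] = {0x0f, 0x05, 0xc3};

/* Search for a byte pattern starting at every byte offset; returns the
 * offset of the first match or -1. Starting at every byte, not only at
 * instruction boundaries, matters on x86: a usable gadget can begin in the
 * middle of an instruction the compiler actually emitted. */
long find_gadget(const uint8_t *text, size_t text_len,
                 const uint8_t *pat, size_t pat_len)
{
    if (pat_len == 0 || pat_len > text_len)
        return -1;
    for (size_t i = 0; i + pat_len <= text_len; i++)
        if (memcmp(text + i, pat, pat_len) == 0)
            return (long)i;
    return -1;
}

/* Lay out a chain that loads rdi and rsi, then reaches syscall; ret.
 * 'base' is the address the library was mapped at. Each entry is
 * base + offset, so under ASLR the attacker must leak 'base' first.
 * Returns the number of stack slots written, or 0 if a gadget is missing
 * or the buffer is too small. */
size_t build_chain(uint64_t base, uint64_t rdi, uint64_t rsi,
                   uint64_t *stack, size_t cap)
{
    long pop_rdi = find_gadget(sample_text, sizeof sample_text,
                               pat_pop_rdi_ret, sizeof pat_pop_rdi_ret);
    long pop_rsi = find_gadget(sample_text, sizeof sample_text,
                               pat_pop_rsi_ret, sizeof pat_pop_rsi_ret);
    long sysc    = find_gadget(sample_text, sizeof sample_text,
                               pat_syscall_ret, sizeof pat_syscall_ret);
    if (pop_rdi < 0 || pop_rsi < 0 || sysc < 0 || cap < 5)
        return 0;
    stack[0] = base + (uint64_t)pop_rdi; /* overwrites the saved return address */
    stack[1] = rdi;                      /* consumed by pop rdi                 */
    stack[2] = base + (uint64_t)pop_rsi; /* ret lands here                      */
    stack[3] = rsi;                      /* consumed by pop rsi                 */
    stack[4] = base + (uint64_t)sysc;    /* ret lands on syscall                */
    return 5;
}

int main(void)
{
    /* Two hypothetical load addresses: a fixed one (no ASLR) and a
     * randomised one. Same offsets, different chain. */
    uint64_t bases[2] = {0x400000ULL, 0x7f3a1c2e0000ULL};
    for (int b = 0; b < 2; b++) {
        uint64_t chain[5];
        size_t n = build_chain(bases[b], 1, 2, chain, 5);
        printf("base 0x%llx:", (unsigned long long)bases[b]);
        for (size_t i = 0; i < n; i++)
            printf(" 0x%llx", (unsigned long long)chain[i]);
        printf("\n");
    }
    return 0;
}
```

The gadget offsets (4, 8, 13) are properties of the bytes and never change, which is why ROP tooling can be run offline against a copy of the library; the chain only becomes valid once the single unknown, the load address, is obtained, typically from an information leak.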
