The instruction pointer (EIP on 32-bit x86, RIP on x86-64) is the CPU register that holds the address of the next instruction to execute. In a buffer overflow attack, the attacker writes past the end of a fixed-size buffer and overwrites the saved return address on the stack; when the function returns, that value is loaded into EIP, so the program jumps to an address of the attacker's choosing instead of the next legitimate instruction.
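As an added example in C (not from the original text), the unbounded copy that produces this defect is shown next to a bounded copy that cannot run past its buffer, plus a pre-check that reports how far an unbounded copy would overrun; the function names, buffer size and inputs are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define BUF_SIZE 16  /* fixed-size stack buffer used by both copies */

/* Vulnerable form: strcpy copies until the NUL and never consults the
 * destination size, so over-long input runs past `buf` into adjacent stack
 * slots and, with enough bytes, the saved return address that is loaded
 * into EIP (RIP on x86-64) on return. Shown for contrast; not called below. */
void copy_unbounded(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);  /* no length check: the defect */
    printf("copied: %s\n", buf);
}

/* Hardened form: bounded by the destination size, always NUL-terminated.
 * Returns true if the input was truncated so callers can reject it. */
bool copy_bounded(const char *input, char *out, size_t out_size)
{
    if (out_size == 0)
        return true;
    size_t n = strlen(input);
    bool truncated = n >= out_size;
    if (truncated)
        n = out_size - 1;
    memcpy(out, input, n);
    out[n] = '\0';
    return truncated;
}

/* How many bytes an unbounded copy of `input` (NUL included) would write
 * past a buffer of `buf_size` bytes; 0 means it fits. */
size_t overflow_bytes(const char *input, size_t buf_size)
{
    size_t needed = strlen(input) + 1;
    return needed > buf_size ? needed - buf_size : 0;
}

int main(void)
{
    /* Constructed inputs: one that fits and one 40 bytes long. */
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    char out[BUF_SIZE];
    printf("\"hello\" overflows by %zu bytes\n", overflow_bytes("hello", BUF_SIZE));
    printf("40 x 'A' overflows by %zu bytes\n", overflow_bytes(oversized, BUF_SIZE));
    bool trunc = copy_bounded(oversized, out, sizeof out);
    printf("bounded copy -> \"%s\" (truncated=%d)\n", out, (int)trunc);
    return 0;
}
```

The pre-check is the kind of length validation that belongs before any copy into a fixed buffer; compiling with stack protection and building as position-independent code adds defence in depth but does not remove the need for it.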