通信学报2017,Vol.38Issue(5):96-107,12.DOI:10.11959/j.issn.1000-436x.2017104
RTF数组溢出漏洞挖掘技术研究
Research on RTF array overflow vulnerability detection
摘要
Abstract
When the virtual function was executed,it could cause array overflow vulnerability due to error operation of the virtual function table of C++ object.By attacking the virtual function,it could cause the system crash,or even the attacker to control the execution of program directly was allowed,which threatened user's security seriously.In order to find and fix this potential security vulnerability as soon as possible,the technology for detecting such security vulnerability was studied.Based on the analysis of the virtual function call during the MS Word parsing RTF files,the array overflow vulnerability generated by MS Word parsing abnormal RTF files,and a new RTF array overflow vulnerability detection method based on the file structure analytical Fuzzing was proposed.Besides,an RTF array overflow vulnerability detection tool (RAVD,RTF array vulnerability detector) was designed.The test results show RAVD can detect RTF array overflow vulnerabilities correctly.Moreover,the Fuzzing results show RAVD has higher efficiency in comparison with traditional file Fuzzing tools.关键词
RTF文件/漏洞挖掘/Fuzzing测试/数组溢出Key words
RTF document/vulnerability detection/Fuzzing test/array overflow分类
信息技术与安全科学引用本文复制引用
乐德广,龚声蓉,吴少刚,徐锋,刘文生..RTF数组溢出漏洞挖掘技术研究[J].通信学报,2017,38(5):96-107,12.基金项目
国家自然科学基金资助项目(No.61202440,No.61402057) (No.61202440,No.61402057)
江苏省产学研前瞻性联合研究基金资助项目(No.BY2016050-01) (No.BY2016050-01)
江苏省科技计划基金资助项目(No.BK20160411).The National Natural Science Foundation of China (No.61202440,No.61402057),The Production and Research Prospective Joint Research Project of Jiangsu Province (No.BY2016050-01),The Jiangsu Provincial Natural Science Foundation of China (No.BK20160411) (No.BK20160411)
