| 基于Fuzzing的ActiveX控件漏洞发掘技术 |
| |
| 引用本文: | 吴毓书,周安民,吴少华,何永强,徐威.基于Fuzzing的ActiveX控件漏洞发掘技术[J].计算机应用,2008,28(9):2252-2254. |
| |
| 作者姓名: | 吴毓书 周安民 吴少华 何永强 徐威 |
| |
| 作者单位: | 四川大学,信息安全研究所,成都,610064 |
| |
| 摘 要: | Fuzzing是一种有效的自动化的漏洞发掘技术,基于Fuzzing漏洞发掘思想,结合对ActiveX控件的研究,设计并实现了一个Windows系统下的ActiveX控件漏洞发掘平台,并改进了Fuzzing数据产生方案。通过对某些第三方软件安装的控件进行测试,发现了两个已知和一个未知的漏洞,提高了漏洞发掘效率。
|
| 关 键 词: | ActicvX控件 漏洞 漏洞挖掘 Fuzzing技术 |
| 收稿时间: | 2008-04-03 |
| 修稿时间: | 2008-05-27 |
ActiveX vulnerability exploiting technique based on Fuzzing |
| |
| WU Yu-shu,ZHOU An-min,WU Shao-hua,HE Yong-qiang,XU Wei.ActiveX vulnerability exploiting technique based on Fuzzing[J].journal of Computer Applications,2008,28(9):2252-2254. |
| |
| Authors: | WU Yu-shu ZHOU An-min WU Shao-hua HE Yong-qiang XU Wei |
| |
| Affiliation: | WU Yu-shu,ZHOU An-min,WU Shao-hua,HE Yong-qiang,XU Wei(Institute of Information Security,Sichuan University,Chengdu Sichuan 610064,China) |
| |
| Abstract: | Fuzzing is an automated vulnerability exploiting technique.A vulnerability exploiting approach based on Fuzzing and the technical details of ActiveX was proposed.A fuzzer was designed,and effective implementation of data generation was advanced.By testing some third-part software's ActiveX controls,one unreleased and two known vulnerabilities were discovered and the efficiency of the ActiveX fuzz was improved. |
| |
| Keywords: | ActiveX controls vulnerability vulnerability exploiting Fuzzing technique |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
