Research on RTF array overflow vulnerability detection
When a virtual function is executed, incorrect operations on the virtual function table of a C++ object can cause an array overflow vulnerability. By attacking the virtual function, an attacker can crash the system or even directly control program execution, which...
Main Authors: | De-guang LE, Sheng-rong GONG, Shao-gang WU, Feng XU, Wen-sheng LIU |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2017-05-01 |
Series: | Tongxin xuebao |
Subjects: | RTF document, vulnerability detection, Fuzzing test, array overflow |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017104/ |
_version_ | 1841539538909921280 |
---|---|
author | De-guang LE Sheng-rong GONG Shao-gang WU Feng XU Wen-sheng LIU |
collection | DOAJ |
description | When a virtual function is executed, incorrect operations on the virtual function table of a C++ object can cause an array overflow vulnerability. By attacking the virtual function, an attacker can crash the system or even directly control program execution, which seriously threatens users' security. To find and fix this potential security vulnerability as early as possible, techniques for detecting it were studied. Based on an analysis of the virtual function calls made while MS Word parses RTF files and of the array overflow vulnerability triggered when MS Word parses abnormal RTF files, a new RTF array overflow vulnerability detection method using Fuzzing based on file structure analysis was proposed. In addition, an RTF array overflow vulnerability detection tool (RAVD, RTF array vulnerability detector) was designed. The test results show that RAVD can detect RTF array overflow vulnerabilities correctly. Moreover, the Fuzzing results show that RAVD is more efficient than traditional file Fuzzing tools. |
format | Article |
id | doaj-art-d0e83d1f109547128c8d67f1db734994 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2017-05-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Research on RTF array overflow vulnerability detection |
topic | RTF document vulnerability detection Fuzzing test array overflow |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2017104/ |