期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于Fuzzing的ActiveX控件漏洞发掘技术 被引量:13

ActiveX vulnerability exploiting technique based on Fuzzing
下载PDF
导出
摘要 Fuzzing是一种有效的自动化的漏洞发掘技术,基于Fuzzing漏洞发掘思想,结合对ActiveX控件的研究,设计并实现了一个Windows系统下的ActiveX控件漏洞发掘平台,并改进了Fuzzing数据产生方案。通过对某些第三方软件安装的控件进行测试,发现了两个已知和一个未知的漏洞,提高了漏洞发掘效率。 Fuzzing is an automated vulnerability exploiting technique. A vulnerability exploiting approach based on Fuzzing and the technical details of ActiveX was proposed. A fuzzer was designed, and effective implementation of data generation was advanced. By testing some third-part software's ActiveX controls, one unreleased and two known vulnerabilities were discovered and the efficiency of the ActiveX fuzz was improved.
作者 吴毓书 周安民 吴少华 何永强 徐威
机构地区 四川大学信息安全研究所
出处 《计算机应用》 CSCD 北大核心 2008年第9期2252-2254,共3页 journal of Computer Applications
关键词 ActicVX控件 漏洞 漏洞挖掘 FUZZING技术 ActiveX controls vulnerability vulnerability exploiting Fuzzing technique
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献7

  • 1FX of Phenoelit. Bug hunting[ EB/OL]. [2008 - 01 - 01]. http://www. phenoelit.de/stuff/Bugs.pdf.
  • 2BOX D. Essential COM [ M]. Reading, MA: Addison-Wesley, 1997.
  • 3Warlord. ActiveX-Active Exploitation [ EB/OL]. [ 2008 - 01 - 01]. packetstormsecurity.org/papers/attack/activex.pdf.
  • 4SUTTON M, GREENE A, AMINI P. FUZZING brute force vulnerability discovery [M]. Reading, MA: Addison-Wesley, 2007.
  • 5HAMMOND M, ROBINSON A. Python programming on Win 3 2 [ EB/OL]. [ 2008 - 01 - 05 ]. O'Reilly, 2000. http://download. csdn. net/source/203224.
  • 6DOWD M, MCDONALD J, SCHUH J. The art of software security assessment: Identifying and preventing software vulnerabilities[ M]. Reading, MA: Addison-Wesley, 2006.
  • 7SPARKS S, EMBLETON S, CUNNINGHAM R, et al. Automated vulnerability analysis [ C]//Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual. [ S. l. ] : IEEE Press, 2007: 477 - 486.

同被引文献145

  • 1胡振彪,赵军,韩磊,王海银.矢量电子地图瓦片制作性能评估与应用[J].测绘科学,2020,45(2):138-144. 被引量:17
  • 2邵林,张小松,苏恩标.一种基于fuzzing技术的漏洞发掘新思路[J].计算机应用研究,2009,26(3):1086-1088. 被引量:17
  • 3徐良华,孙玉龙,高丰,朱鲁华.基于逆向工程的软件漏洞挖掘技术[J].微计算机信息,2006,22(08X):259-261. 被引量:10
  • 4曾鸣,赵荣彩,王小芹,姚京松.一种基于反汇编技术的二进制补丁分析方法[J].计算机科学,2006,33(10):283-287. 被引量:9
  • 5MILLER B P, FREDRIKSON L, SO B. An empirical study of the reliablity of UNIX utilities[ J]. Communications of the ACM, 1990, 33(2) :32.
  • 6AITEL D. The advantages of block-based protocol analysis for security testing[ R]. New York: Immunity Inc, 2002.
  • 7SPIKE [ EB/OL ]. ( 2009- 06 ). http ://www. immunitysec, com/resources-freesoftware, shtml.
  • 8GODEFROID P, LEVIN M, MOLNAR D. Active property checking [ C]//Proc of the 8th ACM International Conference on Embedeling Software. 2008 : 19-24.
  • 9GODEFROID P, LEVIN M, MOLNAR D. Automated whitebox fuzz testing[ C ]//Proc of Network Distributed Security Symposium. 2005.
  • 10MILLER B P, KOSKI D, LEE C P,et al. Fuzzing revisted: a reexamination of the reliability of UNIX utilities and services [ R]. Madison: University of Wisconsin Madison, 1995.

引证文献13

二级引证文献54

计算机应用
2008年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部