摘要
Fuzzing是一种有效的自动化的漏洞发掘技术,基于Fuzzing漏洞发掘思想,结合对ActiveX控件的研究,设计并实现了一个Windows系统下的ActiveX控件漏洞发掘平台,并改进了Fuzzing数据产生方案。通过对某些第三方软件安装的控件进行测试,发现了两个已知和一个未知的漏洞,提高了漏洞发掘效率。
Fuzzing is an automated vulnerability exploiting technique. A vulnerability exploiting approach based on Fuzzing and the technical details of ActiveX was proposed. A fuzzer was designed, and effective implementation of data generation was advanced. By testing some third-part software's ActiveX controls, one unreleased and two known vulnerabilities were discovered and the efficiency of the ActiveX fuzz was improved.
出处
《计算机应用》
CSCD
北大核心
2008年第9期2252-2254,共3页
journal of Computer Applications