Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing
نویسندگان
چکیده
Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed at CERT. By testing a large number of ActiveX controls, we are able to provide some insight into the current state of ActiveX security.
منابع مشابه
Vulnerability Detection in ActiveX Controls
Vulnerabilities in ActiveX controls are frequently used by attackers to compromise systems using the Microsoft Internet Explorer web browser. A programming or design flaw in an ActiveX control can allow arbitrary code execution as the result of viewing a specially-crafted web page. In this paper, we examine effective techniques for fuzz testing ActiveX controls, using the Dranzer tool developed...
متن کاملAutomatic and lightweight grammar generation for fuzz testing
Blackbox fuzz testing can only test a small portion of code when rigorously checking the well-formedness of input values. To overcome this problem, blackbox fuzz testing is performed using a grammar that delineates the format information of input values. However, it is almost impossible to manually construct a grammar if the input specifications are not known. We propose an alternative techniqu...
متن کاملFUZZBUSTER: A System for Self-Adaptive Immunity from Cyber Threats
Today’s computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vu...
متن کاملTest Model for Security Vulnerability in Web Controls based on Fuzzing
The number of Web controls’ security vulnerability surged with ever-changing varieties of attacks. Therefore this paper analyzes test model for Web controls’ vulnerability, and put forward a improved test model for Web controls’ vulnerability. Be aimed to test vulnerability of Web ActiveX controls combining static analysis and dynamic analysis, as well as put forward a proposal of optimizing th...
متن کاملAutomated Whitebox Fuzz Testing
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...
متن کامل