Chinese Journal of Network and Information Security ›› 2016, Vol. 2 ›› Issue (1): 34-45. doi: 10.11959/j.issn.2096-109x.2016.00011

• Academic paper •

Research on OLE object vulnerability analysis for RTF file

De-guang LE1,2,4, Liang ZHANG3, Sheng-rong GONG1,2, Li-xin ZHENG3, Shao-gang WU4

  1. School of Computer Science and Engineering, Changshu Institute of Technology, Changshu 215500, China
  2. School of Computer Science and Technology, Soochow University, Suzhou 215006, China
  3. College of Engineering, Huaqiao University, Quanzhou 362021, China
  4. Jiangsu Lemote Technology, Changshu 215500, China
  • Revised: 2015-11-19 Online: 2016-01-01 Published: 2016-02-16
  • About the authors:
    De-guang LE (1975-), male, born in Sanming, Fujian, Ph.D., associate professor at the School of Computer Science and Engineering, Changshu Institute of Technology. His main research interests include computer network security and next-generation Internet technology.
    Liang ZHANG (1990-), male, born in Hefei, Anhui, master's student at Huaqiao University. His main research interests include information security and network attack and defense.
    Sheng-rong GONG (1966-), male, born in Suzhou, Jiangsu, Ph.D., professor at the School of Computer Science and Engineering, Changshu Institute of Technology. His main research interests include image processing and information security.
    Li-xin ZHENG (1967-), male, born in Quanzhou, Fujian, professor at Huaqiao University. His main research interests include image processing and information security.
    Shao-gang WU (1973-), male, born in Susong, Anhui, Ph.D. His main research interests include computer system security and architecture, and parallel and distributed computing.
  • Supported by:
    The National Natural Science Foundation of China (61202440); The National Natural Science Foundation of China (61170124); The National Natural Science Foundation of China (61402057); The Fujian Internet of Things and Cloud Computing Program (2013H2002)

Abstract:

To address the security vulnerabilities that arise when OLE objects in RTF documents are parsed, an OLE object vulnerability analysis method based on data block analysis and characterization data construction is proposed. The trigger conditions of OLE object vulnerabilities are analyzed using reverse engineering techniques. The trigger point of a vulnerability is located through data block analysis, and the OLE object vulnerability is detected based on characterization data construction. Tests show that the proposed method not only detects OLE object vulnerabilities in RTF correctly, but also locates the vulnerability trigger point accurately, which provides effective support for research on vulnerability patches. In addition, the detection effectiveness of the proposed method is higher than that of existing methods, so it can effectively defend against exploit attacks on OLE object vulnerabilities in RTF documents.

Key words: RTF document, software security, OLE vulnerability, vulnerability analysis

CLC number:

  • TP393