[1] |
CABALLERO J,LIN Z . Type inference on executables[J]. ACM Computing Surveys, 2016,48(4): 65.
|
[2] |
HUANG S K , HUANG M H , HUANG P Y ,et al. Software crash analysis for automatic exploit generation on binary programs[J]. IEEE Transactions on Reliability, 2014,63(1): 270-289.
|
[3] |
刘奇旭, 温涛, 闻观行 ,等. Flash 跨站脚本漏洞挖掘技术研究[J]. 计算机研究与发展, 2014,51(7): 1624-1632.
|
|
LIU Q X , WEN T , WEN G X ,et al. Detection of XSS vulnerabilities in online flash[J]. Journal of Computer Research and Development, 2014,51(7): 1624-1632.
|
[4] |
MASSACCI F , NGUYEN V H . An empirical methodology to evaluate vulnerability discovery models[J]. IEEE Transactions on Software Engineering, 2014,40(12): 1147-1162.
|
[5] |
乐德广, 章亮, 郑力新 ,等. 面向RTF文件的Word漏洞分析[J]. 华侨大学学报(自然科学版), 2015,36(1): 17-22.
|
|
LE D G , ZHANG L , ZHENG L X ,et al. Research on Word vulnerability analysis for the RTF file[J]. Journal of Huaqiao University (Natural Science), 2015,36(1): 17-22.
|
[6] |
乐德广, 章亮, 龚声蓉 ,等. 面向RTF的OLE对象漏洞分析研究[J]. 网络与信息安全学报, 2016,2(1): 34-45.
|
|
LE D G , ZHANG L , GONG S R ,et al. Research on OLE object vulnerability analysis for RTF file[J]. Chinese Journal of Network and Information Security, 2016,2(1): 34-45.
|
[7] |
王清 . 0day 安全软件漏洞分析技术[M]. 北京市:电子工业出版社. 2011: 345-346.
|
|
WANG Q . 0day security:software vulnerability analysis techniques[M]. Beijing:Publishing House of Electronics Industry. 2011: 345-346.
|
[8] |
DEWEY D , GIFFIN J T . Static detection of C++ vtable escape vulnerabilities in binary code[C]// 19th Annual Network and Distributed System Security Symposium (NDSS). 2012: 1-14.
|
[9] |
JANG D , TATLOCK Z , LERNER S . SAFEDISPATCH:securing C++ virtual calls from memory corruption attacks[C]// 21th Annual Network and Distributed System Security Symposium (NDSS). 2014: 1-15.
|
[10] |
PRAKASH A , HU X , YIN H . VfGuard:strict protection for virtual function calls in COTS C++ binaries[C]// 22th Annual Network and Distributed System Security Symposium (NDSS). 2015: 1-15.
|
[11] |
BOUNOV D , KLCL R G , LERNER S . Protecting C++ dynamic dispatch through VTable interleaving[C]// 23th Annual Network and Distributed System Security Symposium (NDSS). 2016: 1-15.
|
[12] |
李舟军, 张俊贤, 廖湘科 ,等. 软件安全漏洞检测技术[J]. 计算机学报, 2015,38(4): 717-732.
|
|
LI Z J , ZHANG J X , LIAO X K ,et al. Survey of software vulnerability detection techniques[J]. Chinese Journal of Computers, 2015,38(4): 717-732.
|
[13] |
COWAN C , PU C , MAIER D ,et al. StackGuard:automatic adaptive detection and prevention of buffer-overflow attacks[C]// 7th Conference on USENIX Security Symposium (USENIX). 1998: 5-15.
|
[14] |
STOJANOVSKI N , GUSEV M , GLIGOROSKI D ,et al. Bypassing data execution prevention on microsoft Windows XP SP2[C]// The Second International Conference on Availability,Reliability and Security. 2007: 1222-1226.
|
[15] |
KHARBUTLI M , JIANG X W , SOLIHIN Y ,et al. Comprehensively and efficiently protecting the heap[J]. ACM Sigops Operating Systems Review, 2006,40(5): 207-218
|
[16] |
ZHANG C , CARR S A , LI T X ,et al. VTrust:regaining trust on virtual calls[C]// 23th Annual Network and Distributed System Security Symposium (NDSS). 2016: 1-15.
|
[17] |
RTF 1.9.1.Rich text format (RTF) specification[S]. Microsoft Corporation, 2008.
|
[18] |
VOSTOKOV D . Windows debugging:practical foundations[M]. Monkstown: Opentask PublisherPress, 2009: 79-81.
|
[19] |
LI J X , XU X , LIAO L J ,et al. Concolic execute Fuzzing based on control-flow analysis[C]// 11th International Conference on Computational Intelligence and Security (CIS). 2015: 385-389.
|
[20] |
MS-DOC 6.1.Word (.doc) binary file format[S]. Microsoft Corporation, 2017.
|
[21] |
OUYANG Y J , ZENG S , CAO Y ,et al. A region-sensitive Fuzzing test based on multi-objective programming[J]. Lecture Notes on Software Engineering, 2016,4(2): 116-122.
|
[22] |
HU C J , Li Z J , MA J X ,et al. File parsing vulnerability detection with symbolic execution[C]// 6th IEEE International Symposium on Theoretical Aspects of Software Engineering (TASE), 2012: 135-142.
|
[23] |
COHN R , RUSSELL J . OllyDbg[M]. VSD Publisher, 2012: 24-26.
|
[24] |
KENNEDY D , O'GORMAN J , KEARNS D ,et al. Metasploit:the penetration tester's guide[M]. San Francisco: No Starch PressPress, 2011: 56-58.
|