
The Detection And Exploitation Of Use-After-Free Vulnerabilities

Posted on: 2016-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: Z Feng
Full Text: PDF
GTID: 2308330476953443
Subject: Information and Communication Engineering

Abstract/Summary:
Use-After-Free vulnerabilities are a type of memory corruption flaw. They are caused by an attempt to access or operate on memory that has already been freed. This type of vulnerability may result in a program crash or even arbitrary code execution. In recent years, vulnerabilities of this type have been growing rapidly in popularity, especially for exploiting web browsers.

In this paper, we propose a new algorithm to detect Use-After-Free vulnerabilities and design the detection scheme UAFChecker. UAFChecker is based on S2E, an open source platform for in-vivo multipath analysis of software systems. It monitors the creation of pointers by hooking key heap-operating functions and tracks the propagation of all pointers at the assembly code level using BeaEngine. It then collects and analyzes the pointer information to detect vulnerabilities.

UAFChecker has three new features: 1) It can detect long-lived dangling pointers. 2) It can detect Use-After-Free vulnerabilities at an earlier stage. 3) It builds on several mature security technologies.

In the evaluation, UAFChecker succeeded in locating and analyzing multiple 0-day Use-After-Free vulnerabilities in the IE 8 browser. Compared with traditional detection systems, UAFChecker dramatically improves code coverage and provides information that is of great help to vulnerability analysis. In the final part, we conclude and propose a general method for exploiting Use-After-Free vulnerabilities, and show exploit code for the 0-days above.
Keywords/Search Tags:Use-After-Free, Vulnerability Detecting, Taint Propagation, Vulnerability Exploit