Research On Office Vulnerability Mining And Analysis Technology

With the constant enhencement of the anti-virus software protection technology and the continuous improvement of user's personal safety awareness,it has become increasingly difficult for the attacks that contrapose system vulnerability and Torjan virus to play a role,so the focus of the attackers gradually transferred to the commonly used browser,chat software and word processor,etc.Currently,the application of Microsoft O ffice series has been widely applied,the security issues of its corresponding software also attracted widespread attention of security researchers and attackers,since O ffice 2007,the software adopts Open XML document format,if the document format vulnerability is excavated and used malevolently,there will be a great harm to the huge number of users.Therefore,it is of great significance for the security of Office applications to study the Office document format and unearth the potential Office application vulnerabilities.In order to obtain a better Office vulnerability defense effect,I chosed the Office document format and the vulnerability mining tool as my research objects in this thesis,through a detailed and in-depth analysis and the comparative study of vulnerability mining tools and methods,I realized the parsing of O ffice document format.Combined with Fuzzing technology and reverse engineering technology,I developed an Office Vulnerability mining system which based on the format of the Office document,and the effectiveness of this system is verified by experiment.The main contents of this thesis are as follows:First,Achieve the O ffice file format parsing and the detailed description of the characteristics and structure of the document through in-depth analysis and study.Second,Research on the security threats of the current O ffice software,analyze the causes of Office app lication vulnerabilities and the current attack techniques and defense measures.Third,comparing the current vulnerability mining technology,find out their differences,advantages and disadvantages,summarize the characteristics of the existing vulnerability mining technology.Forth,with the combination of Fuzzing technology and reverse analysis technology,I completed the Office Digger vulnerability mining design and implementation of a prototype system,I also made a detailed introduction to each module in the system which improved the efficiency and automation level of vulnerability of O ffice application vulnerability mining.At the same time,it located the abnormal position accurately and increased the efficiency of vulnerability analysis.Fifth,examples that reproduced the existing O ffice vulnerabilities are given to test the Office Digger system's vulnerability mining.I wrote a shellcode for the vulnerability and tested it,the results proved the effectiveness and efficiency of the OfficeDigger mining system.The implementation of Office vulnerability mining technology and its corresponding system I presented in this thesis have the characteristics of high pertinency,low false alarm rate and high abnormal positioning accuracy.After testing,it can unearth the discovered vulnerabilities and restore the information of vulnerabilities site accurately and efficiently,it has a certain practical value.