2013 | OriginalPaper | Buchkapitel
BISSAM: Automatic Vulnerability Identification of Office Documents
verfasst von : Thomas Schreck, Stefan Berger, Jan Göbel
Erschienen in: Detection of Intrusions and Malware, and Vulnerability Assessment
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In recent years attackers have changed their attack vector from the operating system level to the application level. Particularly, attackers concentrate their efforts on finding vulnerabilities in common office applications such as Microsoft Office and Adobe Acrobat. In this paper, we present a novel approach to detect
and
identify the actual vulnerability exploited by a malicious document and extract the exploit code itself. To achieve this, we automatically extract from a security patch information about which code fragments were changed. During the analysis of a document, we open the document using the appropriate application, log the execution path, and automatically identify embedded malicious code using dynamic binary instrumentation. Then both pieces of information are used to determine whether a malicious document exploits a known security flaw and, if so, which vulnerability is targeted.