Identifying Exploitable Memory Objects for Out-of-Bound Write
Vulnerabilities
- Runhao Li,
- Bin Zhang,
- Chaojing Tang
Abstract
Exploiting out-of-bounds write vulnerabilities in general-purpose
applications has become a current research focus. Given the large scale
of code in programs, selecting appropriate memory objects for
exploitation is challenging. In this letter, we propose a corrupted data
propagation-guided fuzzing method. By tracking the propagation process
of corrupted data among memory objects, we propose a multi-level fuzzing
schedule to search the execution paths. Experimental results show that
our proposed method, EMOFuzz, can effectively identify exploitable
objects under various overflow lengths, significantly enhancing the
efficiency of exploitability analysis.