For its cross-platform and easy-to-use features, ActiveX controls have been widely used in other applications, such as statistical software, online banking security controls. Thus, its security problems are more worthy of attention. Currently, Fuzzing is the primary method of vulnerability detection of ActiveX controls, but its disadvantage is it may cause false negatives. CMPTracer, as a tool for ActiveX vulnerability detection, which is based on Dynamic Taint Analysis (DTA) technology, is able to analyze the internal processes of the controllable data in the ActiveX control and to feed back the instructions for reasonable veriifcation in the program, and then guide the test data modiifcations to testing the deep processing logic of ActiveX controls. After testing, CMPTracer can reduce the false negative rate in the process of vulnerability detection.thus,CMPTacer is able to detect some vulnerabilities which are missed by other Fuzzing tools.%ActiveX控件以其跨平台、简单易用的特点被广泛应用于其他应用程序,例如大型统计软件、网上银行安全控件等。因此,其安全问题也越来越值得关注。目前针对ActiveX控件的漏洞挖掘的主要方法是模糊测试,但模糊测试的局限性会造成漏报。文章基于动态污点分析的ActiveX漏洞挖掘工具CMPTracer,分析可控数据在ActiveX控件内部的处理流程,反馈出程序内部进行正确性检测的指令,进而指导测试数据的修改,得以测试程序深层的处理逻辑。经过试验比对发现,CMPTracer可以降低漏洞挖掘过程中的漏报率,能够发现普通模糊测试工具遗漏的安全漏洞。
展开▼
