• • 上一篇    下一篇

一种非堆喷射的IE浏览器漏洞利用技术研究

宁戈%张涛%伟平%梅瑞   

  • 基金资助:
    国家自然科学基金(61170282)

Study of Non-Heapspray IE’s Vulnerability Exploitation Technique

NING Ge%ZHANG Tao%WEN Wei-ping%MEI Rui   

  • About author:北京大学软件与微电子学院,北京,102600

摘要: 随着互联网技术的进步和发展,计算机成为人们日常生产生活不可缺少的工具,计算机系统的安全问题愈加重要。目前,利用各类系统或软件的漏洞已经成为主流的攻击方法。为更加有效防御针对漏洞的攻击,就需要对各类漏洞利用方法深入研究。文章基于流行的IE浏览器漏洞利用方法的研究,介绍了一种新型的浏览器漏洞利用技术,并在已知漏洞中得到了验证。

Abstract: With the progress and development of Internet technology, the computer has been the indispensable tool in people's daily life. The security issue of computer system becomes increasingly significant. At present, vulnerability exploitation of systems or software has become a popular attacking method. In order to defend the attack to vulnerability more effectively, we need to study various methods of vulnerability exploitation. This paper introduces a new technique of browser’s vulnerability-exploitation, which has been veriifed in the known vulnerabilities, based on popular methods of IE’s vulnerability exploitation.