Abstract: Recently, with the wide development of computer network, file format-based software vulnerability detection technology has become one of the research hotspots of information security. This paper ifrstly analyzes the ifle formats of Microsoft Ofifce and Adobe PDF. On the basis of the study on traditional vulnerability detection techniques, three document vulnerability detection methods are put forward:static detection method based on tainted data structure, dynamic detection method based on tainted data lfow, heuristic detection method based on behavior. Then the typical document class CVE vulnerability detection tool is realized and is experimented in the simulation platform. The results show that comparing with similar tools, the tool proposed in this paper has a higher detection rate.