New tool to find vulnerabilities in the way applications like Microsoft Word and Adobe Acrobat process JavaScript: Cooperative mutation attack

  • Object clustering: To begin, Cooper analyzes the given sample documents to extract native objects. to reduce the object search space the tool classifies objects according to their attributes
  • Relationship inference: Subsequently, the tool produces a large number of documents by combining different object classes and API groups, recording the execution results of the built-in scripts. based on the success rate of script execution and the distribution of object classes cooper infers the relationships between api groups and object classes
  • Relationship-guided mutation: Finally, Cooper leverages the inferred relationship to guide object selection, script generation, and object mutation

--

--

Knowledge belongs to the world

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store