Abstract

Integer overflow vulnerabilities in Windows binary executables still account for a large proportion of software security vulnerabilities. Because an integer overflow can sometimes lead to a serious buffer overflow, a system may be exposed to a critical threat once an integer-overflow-to-buffer-overflow vulnerability is exploited by attackers. In this paper, we present the design and implementation of a dynamic method to detect integer-overflow-to-buffer-overflow vulnerabilities. Our method first uses static analysis to find integer-sensitive code regions, guided by the characteristics of this vulnerability class. We then leverage selective symbolic execution to explore these code regions and check the security condition at each sink point to find security bugs. Once a suspicious integer-overflow-to-buffer-overflow point is found, our method can automatically generate a proof of concept (POC), so that the overflow warning can be validated easily and accurately. We evaluate our method on 104 integer-overflow-to-buffer-overflow programs in the Juliet test suite, and the results show that it produces no false positives and no false negatives. We also test our method on real-world binary software, and the results show that it can detect the vulnerability efficiently and generate POCs successfully.
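To make the vulnerability class concrete, the following added example (not code from the paper, which analyzes binaries rather than source) shows a size computation that wraps before reaching an allocation sink, next to a form that enforces the no-wrap condition at that sink. The function names and the record-copy scenario are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "Before" form: 32-bit arithmetic wraps modulo 2^32, so the size that
 * reaches the allocation sink can be far smaller than count * elem_size.
 * This function only computes the size; it does not allocate or copy. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened form: the condition checked before the sink is that the
 * product fits in 32 bits. Returns 0 and stores the size on success,
 * -1 if the multiplication would wrap. */
int alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical sink: copy `count` records of `elem_size` bytes into a new
 * buffer, refusing the request when the size computation would wrap. */
void *copy_records(const void *src, uint32_t count, uint32_t elem_size)
{
    uint32_t nbytes;
    if (alloc_size_checked(count, elem_size, &nbytes) != 0 || nbytes == 0)
        return NULL;
    void *dst = malloc(nbytes);
    if (dst != NULL)
        memcpy(dst, src, nbytes);
    return dst;
}

int main(void)
{
    /* Constructed input: 0x40000001 records of 4 bytes each. */
    uint32_t count = 0x40000001u, elem = 4, n = 0;
    printf("unchecked size: %u bytes\n",
           (unsigned)alloc_size_unchecked(count, elem));
    printf("checked result: %d\n", alloc_size_checked(count, elem, &n));
    return 0;
}
```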
