本文已被:浏览 1185次 下载 2650次
Received:March 08, 2014 Revised:April 04, 2014
Received:March 08, 2014 Revised:April 04, 2014
中文摘要: 软件漏洞是引起计算机安全问题的重要根源之一. 以CVE-2012-0158漏洞为例, 探索了漏洞产生的原理及利用方式. 通过动态分析方法简要地描述该漏洞被触发时, 程序所执行的代码及函数调用情况, 从本质上解析了漏洞产生的原因及危害, 从而引起人们对安全开发、避免产生漏洞的重视. 给出了通过基于安全性的软件开发方式, 可以从根源上减少软件漏洞引起的计算机安全问题, 从而提升系统和软件的安全性能.
中文关键词: 漏洞分析 CVE-2012-0158 动态分析 缓冲区溢出 安全开发
Abstract:Software vulnerability is one of the important causes of computer security. Taking the CVE-2012-0158 as an example, the form prince and exploitation way of vulnerability is explored. Which codes and functions are called by the procedure when the vulnerability is triggered are briefly described through the dynamic analysis method and the causes and hazards of vulnerability are explained to arouse people's attention of taking safe development and avoiding vulnerability. Then safe development methods based on security are mentioned to reduce computer security problems caused by software vulnerabilities fundamentally, so as to improve the safety performance of the system and software.
keywords: software vulnerability CVE-2012-0158 dynamic analysis buffer overflow security development
文章编号: 中图分类号: 文献标志码:
基金项目:国家自然科学基金(61074014);辽宁省教育厅重点实验室项目(LS2010079)
引用文本:
王大伟,周军,梅红岩.基于CVE-2012-0158的软件漏洞分析与利用.计算机系统应用,2014,23(11):203-207
WANG Da-Wei,ZHOU Jun,MEI Hong-Yan.Analysis and Exploitation of Software Vulnerability Based on Cve-2012-0158.COMPUTER SYSTEMS APPLICATIONS,2014,23(11):203-207
王大伟,周军,梅红岩.基于CVE-2012-0158的软件漏洞分析与利用.计算机系统应用,2014,23(11):203-207
WANG Da-Wei,ZHOU Jun,MEI Hong-Yan.Analysis and Exploitation of Software Vulnerability Based on Cve-2012-0158.COMPUTER SYSTEMS APPLICATIONS,2014,23(11):203-207
