Easyfuzzer use case sharing

Source: Internet
Author: User

1, Introduction:

Easyfuzzer is a file fuzzing tool provided by a Wooyun white hat (light edge). I usually work mainly on network protocol security and deal less with local software security, so I had not paid much attention to this tool. Today, however, I found that the YS PC client has a video editing function, which is also shipped as a separate editor. During the security evaluation of this editor I naturally thought of local overflow issues, which brought my attention back to this tool. The practical case below illustrates how it is used.

Specific usage instructions and documents:

http://bbs.pediy.com/showthread.php?t=193340

2, Actual case: improper parsing in the YS video editor's Player Library, with a possible security risk of overflow exploitation

Problem Description:

The YS Video Editor uses a 2-party Player Library that crashes when parsing certain custom malformed video files. In general experience, such crashes are caused by an overflow resulting from improper parsing of the file data format. This kind of seemingly ordinary bug can often be exploited for malicious attacks, and once it is successfully exploited, malicious code can be executed on the client side.

Test steps:

(1), Use Easyfuzzer to import an MP4 file and generate malformed MP4 files,

(2), Open the YS video editor, choose to import a generated malformed file, and add it to the edit bar,

(3), Select a malformed file and click Join; the editor crashes while the video preview is in progress.

Problem Extension:

The crash points are in different places: some crashes occur when importing the video, some in the edit area, and some when playing the video file, so a complete check is needed.

If the problem can be exploited, the attack is usually carried out by using social engineering to trick the user into adding a video file that carries the malicious code, eventually exploiting the vulnerability to execute that code.

Solution Recommendations:

(1), Perform strict data validation of playback files in the Player Library, including but not limited to data length, type, and range. White-list verification is recommended: allow only the specified data to pass, and do not process data outside the specification.
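One way to apply the length, range and white-list checks recommended above to MP4 top-level box headers, as an added example (not code from the original page or from the YS Player Library). The function name mp4_validate, the allow-list contents and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed allow-list of top-level box types for this hypothetical parser. */
static const char *const ALLOWED[4] = { "ftyp", "moov", "mdat", "free" };

static uint64_t rd_be(const uint8_t *p, int n) {   /* big-endian read */
    uint64_t v = 0;
    for (int i = 0; i < n; i++) v = (v << 8) | p[i];
    return v;
}

/* Returns the number of top-level boxes, or -1 on a truncated header,
 * an out-of-range size, or a type that is not allow-listed. */
int mp4_validate(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t remaining = len - off, hdr = 8, i;
        if (remaining < 8) return -1;              /* length: header must fit */
        uint64_t size = rd_be(buf + off, 4);
        if (size == 0) size = remaining;           /* box extends to end of file */
        if (size == 1) {                           /* 64-bit largesize follows */
            if (remaining < 16) return -1;
            size = rd_be(buf + off + 8, 8);
            hdr = 16;
        }
        if (size < hdr || size > remaining) return -1;   /* range check */
        for (i = 0; i < 4; i++)                    /* type: allow-list only */
            if (memcmp(buf + off + 4, ALLOWED[i], 4) == 0) break;
        if (i == 4) return -1;
        off += (size_t)size;                       /* safe: size <= remaining */
        count++;
    }
    return count;
}

/* Constructed sample inputs (not taken from any real file). */
const uint8_t SAMPLE_OK[] = { 0,0,0,16,'f','t','y','p','i','s','o','m',0,0,0,0,
                              0,0,0,8,'f','r','e','e' };
const uint8_t SAMPLE_BAD_SIZE[] = { 0,0,0xFF,0xFF,'m','o','o','v' };
const uint8_t SAMPLE_BAD_TYPE[] = { 0,0,0,8,'x','x','x','x' };

int main(void) {
    printf("%d %d %d\n", mp4_validate(SAMPLE_OK, sizeof SAMPLE_OK),
           mp4_validate(SAMPLE_BAD_SIZE, sizeof SAMPLE_BAD_SIZE),
           mp4_validate(SAMPLE_BAD_TYPE, sizeof SAMPLE_BAD_TYPE));
    return 0;
}
```

The declared box size is compared against the bytes actually remaining before the offset advances, so a malformed size field is rejected instead of driving a read past the buffer.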

3, Summary:

Because the YS editor cannot be directly associated with MP4 playback and requires a manual drag-and-drop process, Easyfuzzer's associated-program fuzzing cannot be used directly as described in the document. You therefore need to write a demo that calls the Player Library for automated testing. The process is as follows:
