Static detection of C++ vtable escape vulnerabilities in binary code
Download: Paper (PDF)
Date: 8 Feb 2012
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2012
The complexities of C++ create new memory safety vulnerabilities not present in simpler software. We present vtable escape bugs, a type confusion error present in real, deployed C++ software, and we show how automated binary code analyses can statically detect the security defects by reconstructing high-level classes and objects.