摘要
复合文档是一种包含文本、图形、电子表格数据、声音、视频图像以及其他信息的结构化存储的文件类型。由于其被办公软件广泛应用,针对复合文档的攻击技术也越来越多。然而复合文档结构严谨,支持多种编码方式和压缩算法,其复杂的格式导致传统的Fuzzing测试效率低下。针对复合文档的结构化存储的特征,设计一套原型工具Docu Fuzzer,并使用该工具对金山WPS进行测试实验,证明该工具确实可以提高测试效率。
Compound document is a document type that contains text, graphics, spreadsheet data, voice, video and other information storage structure, since it is widely used office software, attacks against a compound document technology is also increasing. However, compound document structured to support multiple encoding and compression algorithm, which leads to poor form complex traditional Fuzzing test efficiency. According to the structure of the compound document storage feature, designs a prototype tool DocuFuzzer, and uses the tool to test Kingsoft WPS, experiments prove that the tool can indeed improve test efficiency.
