The hunt is on for file format bugs

iDefense has released new tools to discover flaws in the handling of popular file formats. File format flaws have become a common avenue of attack, allowing attackers to run malicious code when a user simply views an image or reads an e-mail. Two of three critical updates released by Microsoft dealt with file format flaws. FileFuzz for Windows and SpikeFile and NotSpikeFile for Linux enable a researcher to manipulate single bits within a file and check whether the altered file exposes a potentially exploitable flaw. The tools do not find the exploits but point researchers to areas for further examination. While iDefense admits the tools could be used by malicious hackers to find vulnerabilities, Joshua Feldman, a security engineer at Science Applications International, thinks they will only appeal to researchers. The tools are available as open source and can be downloaded from the iDefense website.
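
To make the bit-manipulation idea concrete, here is an added example (not code from FileFuzz, SpikeFile or NotSpikeFile) that flips every bit of a sample file and records the byte offsets where a parser fails with an unhandled error rather than a clean rejection. The "TOY1" format, the parser and the sample file are all constructed for this illustration.

```python
class FormatError(Exception):
    """Clean, expected rejection of a malformed file."""

def build_sample():
    # Constructed toy format: magic(4) | count(1) | count * [len(1) | data(len)]
    records = [b"hello", b"fuzz"]
    body = b"".join(bytes([len(r)]) + r for r in records)
    return b"TOY1" + bytes([len(records)]) + body

def parse(data):
    """Hypothetical parser under test; it trusts the count and length fields."""
    if data[:4] != b"TOY1":
        raise FormatError("bad magic")
    count = data[4]
    pos, out = 5, []
    for _ in range(count):
        length = data[pos]                      # unchecked read: may run off the end
        out.append(data[pos + 1:pos + 1 + length])
        pos += 1 + length
    return out

def bitflip_fuzz(sample, target):
    """Flip each bit of `sample` once; map offset -> unexpected exception names."""
    findings = {}
    for offset in range(len(sample)):
        for bit in range(8):
            mutated = bytearray(sample)
            mutated[offset] ^= 1 << bit
            try:
                target(bytes(mutated))
            except FormatError:
                continue                        # parser rejected the file cleanly
            except Exception as exc:            # unhandled failure: worth a closer look
                findings.setdefault(offset, set()).add(type(exc).__name__)
    return findings

if __name__ == "__main__":
    for offset, errors in sorted(bitflip_fuzz(build_sample(), parse).items()):
        print(f"offset {offset}: {sorted(errors)}")
```

The flagged offsets are the count byte and the first length byte, the two fields the parser trusts without a bounds check. Mutations that are silently mis-parsed are not reported, which is why output like this is a starting point for examination rather than a verdict.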

