"Researchers Find 134 Flaws in the Way Word, PDFs, Handle Scripts"
Security researchers have created a tool named Cooper that detects flaws in the way applications such as Microsoft Word and Adobe Acrobat process JavaScript. Using Cooper, the researchers discovered 134 bugs, 59 of which were deemed worthy of a vendor fix. Of the discovered bugs, 33 have been assigned a CVE number, and 17 have earned bug bounty payments totaling $22,000. The tool's name refers to its use of the cooperative mutation technique.

One of the tool's co-authors, Ph.D. student Xu Peng of the Chinese Academy of Sciences, pointed out that Word and Acrobat accept input from scripting languages. For example, JavaScript can edit PDF files in Acrobat. To make this possible, the PDF must both define native PDF objects and carry JavaScript code to be parsed. The native objects are processed by Acrobat modules, while an embedded JavaScript engine handles the scripts; translation between the two happens in a "binding layer." Xu and his partners say the binding code is prone to inconsistent semantics and security weaknesses that lead to severe vulnerabilities.

Cooper can detect these weaknesses because the cooperative mutation technique it employs alters the script code and the related document objects at the same time, exploring different code paths through the binding code. The tool has three components: object clustering, relationship inference, and relationship-guided mutation. In effect, Cooper is an elaborate fuzzing tool: the inferred relationships guide the search for conditions under which the scripts, the application, and the binding layer produce unwanted or dangerous behavior. This article continues to discuss the Cooper tool and its use of the cooperative mutation technique to find flaws in the way apps process JavaScript.
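As an added illustration, not Cooper's own code (its object clustering and handling of the real Acrobat API are far richer), the toy Python below models the idea the summary describes: a constructed mini-document, script and binding table stand in for a PDF, its embedded JavaScript and the binding layer, and a mutator that changes a document object together with the script call that references it keeps reaching the binding code, while retyping the object alone is often rejected at the type check before any deeper binding logic runs.

```python
import random
import re

# Constructed stand-in for a PDF's native objects: name -> {type, value}.
DOC = {
    "field1": {"type": "Text", "value": "hello"},
    "field2": {"type": "CheckBox", "value": "Off"},
    "annot1": {"type": "Link", "value": "http://example.invalid"},
}
# Constructed embedded script driving those objects through the binding layer.
SCRIPT = 'var f = this.getField("field1"); f.value = "x"; this.getAnnot("annot1").destroy();'
# Constructed binding table: which entry point accepts which native object types.
BINDING = {"getField": {"Text", "CheckBox"}, "getAnnot": {"Link", "Widget"}}
ALL_TYPES = sorted(set().union(*BINDING.values()))
CALL_RE = re.compile(r'this\.(\w+)\("(\w+)"\)')

def infer_relationships(script):
    """Relationship inference: which binding call the script uses for each named object."""
    return {name: call for call, name in CALL_RE.findall(script)}

def reaches_binding(doc, script):
    """Toy binding layer: True when every call gets an object type it accepts (input passes the type check)."""
    return all(name in doc and doc[name]["type"] in BINDING[call]
               for call, name in CALL_RE.findall(script) if call in BINDING)

def independent_mutate(doc, script, rng):
    """Baseline fuzzer: retype one object and leave the script untouched."""
    name = rng.choice(sorted(doc))
    return {**doc, name: {**doc[name], "type": rng.choice(ALL_TYPES)}}, script

def cooperative_mutate(doc, script, rng):
    """Cooperative mutation: retype a referenced object and rewrite its call to match the new type."""
    rels = infer_relationships(script)
    name = rng.choice(sorted(rels))
    new_type = rng.choice(ALL_TYPES)
    new_call = rng.choice(sorted(c for c, types in BINDING.items() if new_type in types))
    new_doc = {**doc, name: {**doc[name], "type": new_type}}
    new_script = script.replace(f'this.{rels[name]}("{name}")', f'this.{new_call}("{name}")')
    return new_doc, new_script

def binding_hit_rate(mutator, trials=200, seed=1):
    """Fraction of mutated (document, script) pairs that get through the binding type check."""
    rng = random.Random(seed)
    return sum(reaches_binding(*mutator(DOC, SCRIPT, rng)) for _ in range(trials)) / trials

if __name__ == "__main__":
    print("independent mutation hit rate:", binding_hit_rate(independent_mutate))
    print("cooperative mutation hit rate:", binding_hit_rate(cooperative_mutate))
```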
The Register reports "Researchers Find 134 Flaws in the Way Word, PDFs, Handle Scripts"