A highly automated binary software vulnerability risk evaluation method for off-by-one stack based buffer overflow

Software off-by-one stack based buffer overflow vulnerability may enable attacker to execute arbitrary code via a malformed input, causing persistent threat to computer and communication systems. However, current risk evaluation method is time-consuming and requires a group of people with security knowledge. This paper takes an insight investigation and presents a novel black-box off-by-one stack-based buffer overflow risk evaluation method to deal with the problem. The proposed method is able to bypass the labor-intensive task of in-depth manual program analysis. The proposed method is also easy to deploy and highly automated. Experimental results on both self-developed and real software proved the effectiveness.