随着全球信息化的迅猛发展,计算机软件已成为世界经济、科技、军事和社会发展的重要引擎。信息安全的核心在于其所依附的操作系统的安全机制以及软件本身存在的漏洞。软件漏洞本身无法构成攻击,软件漏洞利用使得把漏洞转化为攻击变为可能。文章立足于Windows操作系统,主要分析了一些常用软件的典型漏洞原理以及常见的利用方法,比较了不同利用方法在不同环境下的性能优劣,并简单分析了Windows的安全机制对软件的防护作用以及对软件漏洞利用的阻碍作用。文章着重对几种典型漏洞进行了软件漏洞利用的探索和实践,并使用当前流行的对安全机制的绕过方法分析了Windows几种安全机制的脆弱性。
With the rapid development of the global information technology, computer software has become the important engine of the world economy, science and technology, military and social development. The core of information security is attached to the security mechanism of the operating system and software vulnerabilities. Software vulnerability itself can not constitute attack, software vulnerability exploiting make the attack possible. This article is based on the Windows operating system, mainly analyzes the principles of some typical software vulnerabilities as well as the common ways to exploit software vulnerabilities, comparing them. in different environment.The article also simply analyzes the protective effect to software security and the hinder to software vulnerability exploiting of Windows security mechanisms. The article emphatically does some explorations and practices on exploiting several typical software vulnerabilities, analyzing the fragility of Windows security mechanisms by using the current popular methods of bypassing security mechanisms.