{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:24:13Z","timestamp":1750220653638,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":105,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004801","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1566321"],"award-info":[{"award-number":["1566321"]}],"id":[{"id":"10.13039\/501100004801","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427568","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"386-400","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Guide Me to Exploit: Assisted ROP Exploit Generation for ActionScript Virtual Machine"],"prefix":"10.1145","author":[{"given":"Fadi","family":"Yilmaz","sequence":"first","affiliation":[{"name":"University of North Carolina at Charlotte, United States of America"}]},{"given":"Meera","family":"Sridhar","sequence":"additional","affiliation":[{"name":"University of North Carolina at Charlotte, United States of America"}]},{"given":"Wontae","family":"Choi","sequence":"additional","affiliation":[{"name":"Google"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Anno Accademico. 2013. Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications. Master\u2019s thesis. Politecnico Di Milano.  Anno Accademico. 2013. Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications. Master\u2019s thesis. Politecnico Di Milano."},{"key":"e_1_3_2_1_2_1","unstructured":"Adobe Inc.[n.d.]. Archived Flash Player versions. https:\/\/helpx.adobe.com\/flash-player\/kb\/archived-flash-player-versions.html.  Adobe Inc.[n.d.]. Archived Flash Player versions. https:\/\/helpx.adobe.com\/flash-player\/kb\/archived-flash-player-versions.html."},{"key":"e_1_3_2_1_3_1","unstructured":"Adobe Inc.[n.d.]. avmplus. https:\/\/github.com\/adobe\/avmplus.  Adobe Inc.[n.d.]. avmplus. https:\/\/github.com\/adobe\/avmplus."},{"key":"e_1_3_2_1_4_1","unstructured":"Adobe Inc.[n.d.]. Download Adobe Flex SDK. https:\/\/www.adobe.com\/devnet\/flex\/flex-sdk-download.html.  Adobe Inc.[n.d.]. Download Adobe Flex SDK. https:\/\/www.adobe.com\/devnet\/flex\/flex-sdk-download.html."},{"key":"e_1_3_2_1_5_1","unstructured":"Adobe Inc.[n.d.]. Run-Time Errors. https:\/\/help.adobe.com\/en_US\/FlashPlatform\/reference\/actionscript\/3\/runtimeErrors.html.  Adobe Inc.[n.d.]. Run-Time Errors. https:\/\/help.adobe.com\/en_US\/FlashPlatform\/reference\/actionscript\/3\/runtimeErrors.html."},{"key":"e_1_3_2_1_6_1","unstructured":"Adobe Inc.2007. ActionScript Virtual Machine 2 (AVM2) Overview. https:\/\/www.adobe.com\/content\/dam\/acom\/en\/devnet\/pdf\/avm2overview.pdf.  Adobe Inc.2007. ActionScript Virtual Machine 2 (AVM2) Overview. https:\/\/www.adobe.com\/content\/dam\/acom\/en\/devnet\/pdf\/avm2overview.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"Adobe Inc.2015. Adobe Security Bulletin. http:\/\/tinyurl.com\/ofdwo9c. Accessed\u201d 2016-12-03.  Adobe Inc.2015. Adobe Security Bulletin. http:\/\/tinyurl.com\/ofdwo9c. Accessed\u201d 2016-12-03."},{"volume-title":"Proceedings of the 23th ACM Conference on Computer and Communications Security (CCS).","author":"Alhuzali Abeer","key":"e_1_3_2_1_8_1","unstructured":"Abeer Alhuzali , Birhanu Eshete , Rigel Gjomemo , and V.N. Venkatakrishnan . 2016. Chainsaw: Chained Automated Workflow-based Exploit Generation . In Proceedings of the 23th ACM Conference on Computer and Communications Security (CCS). Abeer Alhuzali, Birhanu Eshete, Rigel Gjomemo, and V.N. Venkatakrishnan. 2016. Chainsaw: Chained Automated Workflow-based Exploit Generation. In Proceedings of the 23th ACM Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23371"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of The Network and Distributed System Security Symposium (NDSS).","author":"Avgerinos Thanassis","year":"2011","unstructured":"Thanassis Avgerinos , Sang\u00a0Kil Cha , Brent Lim\u00a0Tze Hao , and David Brumley . 2011 . AEG: Automatic Exploit Generation . In Proceedings of The Network and Distributed System Security Symposium (NDSS). Thanassis Avgerinos, Sang\u00a0Kil Cha, Brent Lim\u00a0Tze Hao, and David Brumley. 2011. AEG: Automatic Exploit Generation. In Proceedings of The Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_11_1","volume-title":"Hacking Blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP\u201914)","author":"Bittau Andrea","year":"2014","unstructured":"Andrea Bittau , Adam Belay , Ali Mashtizadeh , David Mazi\u00e8res , and Dan Boneh . 2014 . Hacking Blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP\u201914) . Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazi\u00e8res, and Dan Boneh. 2014. Hacking Blind. In Proceedings of the 2014 IEEE Symposium on Security and Privacy (SP\u201914)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2785841"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Konstantin B\u00f6ttinger and Claudia Eckert. 2016. DeepFuzz: Triggering Vulnerabilities Deeply Hidden in Binaries. Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) 9721(2016) 25\u201334.  Konstantin B\u00f6ttinger and Claudia Eckert. 2016. DeepFuzz: Triggering Vulnerabilities Deeply Hidden in Binaries. Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA) 9721(2016) 25\u201334.","DOI":"10.1007\/978-3-319-40667-1_2"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455776"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/0950-5849(95)01055-6"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866354"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation ((OSDI)), Vol.\u00a08. 209\u2013224","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar , Daniel Dunbar , Dawson\u00a0 R Engler , 2008 . KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs . In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation ((OSDI)), Vol.\u00a08. 209\u2013224 . Cristian Cadar, Daniel Dunbar, Dawson\u00a0R Engler, 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation ((OSDI)), Vol.\u00a08. 209\u2013224."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_10"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3183456"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2017.70"},{"key":"e_1_3_2_1_23_1","volume-title":"Test Case Prioritization for Compilers: A Text-Vector Based Approach. In IEEE International Conference on Software Testing, Verification and Validation (ICST).","author":"Chen Junjie","year":"2016","unstructured":"Junjie Chen , Yanwei Bai , Dan Hao , Yingfei Xiong , Hongyu Zhang , Lu Zhang , and Bing Xie . 2016 . Test Case Prioritization for Compilers: A Text-Vector Based Approach. In IEEE International Conference on Software Testing, Verification and Validation (ICST). Junjie Chen, Yanwei Bai, Dan Hao, Yingfei Xiong, Hongyu Zhang, Lu Zhang, and Bing Xie. 2016. Test Case Prioritization for Compilers: A Text-Vector Based Approach. In IEEE International Conference on Software Testing, Verification and Validation (ICST)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338957"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2889771"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00046"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961295.1950396"},{"key":"e_1_3_2_1_29_1","unstructured":"Cisco. 2016. Cisco 2016 Midyear Security Report. https:\/\/tinyurl.com\/y7kupmkr.  Cisco. 2016. Cisco 2016 Midyear Security Report. https:\/\/tinyurl.com\/y7kupmkr."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST).","author":"DeMott D.","year":"2011","unstructured":"Jared\u00a0 D. DeMott , Richard\u00a0 J. Enbody , and WIlliam\u00a0 F. Punch . 2011 . Towards an Automatic Exploit Pipeline . In Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST). Jared\u00a0D. DeMott, Richard\u00a0J. Enbody, and WIlliam\u00a0F. Punch. 2011. Towards an Automatic Exploit Pipeline. In Proceedings of the 6th International Conference for Internet Technology and Secured Transactions (ICITST)."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2803179"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2009.5070546"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106286"},{"key":"e_1_3_2_1_35_1","volume-title":"GDB: The GNU Project Debugger. https:\/\/www.gnu.org\/software\/gdb\/.","author":"GNU.","year":"2019","unstructured":"GNU. 2019 . GDB: The GNU Project Debugger. https:\/\/www.gnu.org\/software\/gdb\/. GNU. 2019. GDB: The GNU Project Debugger. https:\/\/www.gnu.org\/software\/gdb\/."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1379022.1375607"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS).","author":"Godefroid Patrice","year":"2008","unstructured":"Patrice Godefroid , Michael\u00a0 Y. Levin , and David\u00a0 A. Molnar . 2008 . Automated Whitebox Fuzz Testing . In Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS). Patrice Godefroid, Michael\u00a0Y. Levin, and David\u00a0A. Molnar. 2008. Automated Whitebox Fuzz Testing. In Proceedings of the 16th Annual Network & Distributed System Security Symposium (NDSS)."},{"volume-title":"Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities. Master\u2019s thesis","author":"Heelan Sean","key":"e_1_3_2_1_38_1","unstructured":"Sean Heelan . 2011. Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities. Master\u2019s thesis . University of Oxford. Sean Heelan. 2011. Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities. Master\u2019s thesis. University of Oxford."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.5555\/3277203.3277261"},{"volume-title":"Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). 445\u2013458.","author":"Holler Christian","key":"e_1_3_2_1_40_1","unstructured":"Christian Holler , Kim Herzig , and Andreas Zeller . 2012. Fuzzing with code fragments . In Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). 445\u2013458. Christian Holler, Kim Herzig, and Andreas Zeller. 2012. Fuzzing with code fragments. In Presented as part of the 21st {USENIX} Security Symposium ({USENIX} Security 12). 445\u2013458."},{"key":"e_1_3_2_1_41_1","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (USENIX SS). 177\u2013192","author":"Hong Hu","year":"2015","unstructured":"Hu Hong , Chua\u00a0Zheng Leong , Adrian Sendroiu , Saxena Prateek , and Liang Zhenkai . 2015 . Automatic Generation of Data-oriented Exploits . In Proceedings of the 24th USENIX Conference on Security Symposium (USENIX SS). 177\u2013192 . Hu Hong, Chua\u00a0Zheng Leong, Adrian Sendroiu, Saxena Prateek, and Liang Zhenkai. 2015. Automatic Generation of Data-oriented Exploits. In Proceedings of the 24th USENIX Conference on Security Symposium (USENIX SS). 177\u2013192."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2012.20"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/41625.41635"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the First NASA Formal Methods Symposium.","author":"Jayaraman Karthick","year":"2009","unstructured":"Karthick Jayaraman , David Harvison , and Adam\u00a0Kiezun Vijay\u00a0Ganesh . 2009 . jFuzz: A concolic whitebox fuzzer for Java . In Proceedings of the First NASA Formal Methods Symposium. Karthick Jayaraman, David Harvison, and Adam\u00a0Kiezun Vijay\u00a0Ganesh. 2009. jFuzz: A concolic whitebox fuzzer for Java. In Proceedings of the First NASA Formal Methods Symposium."},{"key":"e_1_3_2_1_45_1","volume-title":"Proc. of the 22nd USENIX Security Symp. (SS). 621\u2013636","author":"Johns Martin","year":"2013","unstructured":"Martin Johns , Sebastian Lekies , and Ben Stock . 2013 . Eradicating DNS Rebinding with the Extended Same-origin Policy . In Proc. of the 22nd USENIX Security Symp. (SS). 621\u2013636 . Martin Johns, Sebastian Lekies, and Ben Stock. 2013. Eradicating DNS Rebinding with the Extended Same-origin Policy. In Proc. of the 22nd USENIX Security Symp. (SS). 621\u2013636."},{"key":"e_1_3_2_1_46_1","unstructured":"JonathanSalwan. [n.d.]. ROPgadget. https:\/\/github.com\/JonathanSalwan\/ROPgadget.  JonathanSalwan. [n.d.]. ROPgadget. https:\/\/github.com\/JonathanSalwan\/ROPgadget."},{"key":"e_1_3_2_1_47_1","volume-title":"Poster: Deep Learning for Zero-day Flash Malware Detection","author":"Jung Wookhyun","year":"2015","unstructured":"Wookhyun Jung , Sangwon Kim , and Sangyong Choi . 2015 . Poster: Deep Learning for Zero-day Flash Malware Detection . http:\/\/tinyurl.com\/zvqpvfl. Wookhyun Jung, Sangwon Kim, and Sangyong Choi. 2015. Poster: Deep Learning for Zero-day Flash Malware Detection. http:\/\/tinyurl.com\/zvqpvfl."},{"key":"e_1_3_2_1_48_1","volume-title":"Kaspersky Security Bulletin","author":"Kaspersky","year":"2015","unstructured":"Kaspersky [n.d.]. Kaspersky Security Bulletin 2015 . The overall statistics for 2015. http:\/\/tinyurl.com\/zgkkdbj. Kaspersky [n.d.]. Kaspersky Security Bulletin 2015. The overall statistics for 2015. http:\/\/tinyurl.com\/zgkkdbj."},{"key":"e_1_3_2_1_49_1","volume-title":"Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP\u201912)","author":"Kil Cha\u00a0Sang","year":"2012","unstructured":"Cha\u00a0Sang Kil , Avgerinos Thanassis , Rebert Alexandre , and Brumley David . 2012 . Unleashing Mayhem on Binary Code . In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP\u201912) . 380\u2013394. Cha\u00a0Sang Kil, Avgerinos Thanassis, Rebert Alexandre, and Brumley David. 2012. Unleashing Mayhem on Binary Code. In Proceedings of the 2012 IEEE Symposium on Security and Privacy (SP\u201912). 380\u2013394."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_51_1","unstructured":"Eduard Kovacs. [n.d.]. Two New Flash Player Zero-Day Bugs Found in Hacking Team Leak. tinyurl.com\/y25a6ve5.  Eduard Kovacs. [n.d.]. Two New Flash Player Zero-Day Bugs Found in Hacking Team Leak. tinyurl.com\/y25a6ve5."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254088"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2731186.2731198"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2858965.2814319"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238176"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106295"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920289"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/1085130.1085132"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3081333.3081361"},{"key":"e_1_3_2_1_60_1","volume-title":"Xinyu Xing, and Peng Liu.","author":"Luo Lannan","year":"2016","unstructured":"Lannan Luo , Qiang Zeng , Chen Cao , Kai Chen , Jian Liu , Limin Liu , Neng Gao\u00a0Min Yang , Xinyu Xing, and Peng Liu. 2016 . Context-aware System Service Call-oriented Symbolic Execution of Android Framework with Application to Exploit Generation. CoRR ( 2016). Lannan Luo, Qiang Zeng, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao\u00a0Min Yang, Xinyu Xing, and Peng Liu. 2016. Context-aware System Service Call-oriented Symbolic Execution of Android Framework with Application to Exploit Generation. CoRR (2016)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.41"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2189750.2151012"},{"key":"e_1_3_2_1_63_1","first-page":"100","article-title":"Differential testing for software","volume":"10","author":"McKeeman WM","year":"1998","unstructured":"WM McKeeman . 1998 . Differential testing for software . Digital Technical Journal 10 (1998), 100 \u2013 107 . WM McKeeman. 1998. Differential testing for software. Digital Technical Journal 10 (1998), 100\u2013107.","journal-title":"Digital Technical Journal"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/96267.96279"},{"key":"e_1_3_2_1_65_1","unstructured":"MITRE Inc.[n.d.]. Common Vulnerabilities and Exposures Database. https:\/\/cve.mitre.org\/. Accessed: 2018-01-24.  MITRE Inc.[n.d.]. Common Vulnerabilities and Exposures Database. https:\/\/cve.mitre.org\/. Accessed: 2018-01-24."},{"key":"e_1_3_2_1_66_1","unstructured":"MITRE Inc.[n.d.]. CVE details - The ultimate security vulnerability datasource. https:\/\/www.cvedetails.com\/vulnerability-list.php?vendor_id=53&product_id=6761&version_id=&page=1.  MITRE Inc.[n.d.]. CVE details - The ultimate security vulnerability datasource. https:\/\/www.cvedetails.com\/vulnerability-list.php?vendor_id=53&product_id=6761&version_id=&page=1."},{"key":"e_1_3_2_1_67_1","unstructured":"Mozilla.org. [n.d.]. Tamarin Project. https:\/\/www-archive.mozilla.org\/projects\/tamarin\/.  Mozilla.org. [n.d.]. Tamarin Project. https:\/\/www-archive.mozilla.org\/projects\/tamarin\/."},{"key":"e_1_3_2_1_68_1","unstructured":"National Institute of Standards and Technology. 2018. CVE-2018-15982. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-15982.  National Institute of Standards and Technology. 2018. CVE-2018-15982. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-15982."},{"key":"e_1_3_2_1_69_1","unstructured":"National Institute of Standards and Technology. 2018. CVE-2018-15982 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-15982.  National Institute of Standards and Technology. 2018. CVE-2018-15982 Detail. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-15982."},{"key":"e_1_3_2_1_70_1","unstructured":"National Institute of Standards and Technology. 2018. CVE-2018-4878. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-4878.  National Institute of Standards and Technology. 2018. CVE-2018-4878. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-4878."},{"key":"e_1_3_2_1_71_1","unstructured":"National Institute of Standards and Technology. 2019. CVE-2019-8069. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8069.  National Institute of Standards and Technology. 2019. CVE-2019-8069. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8069."},{"key":"e_1_3_2_1_72_1","unstructured":"National Institute of Standards and Technology. 2019. CVE-2019-8070. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8070.  National Institute of Standards and Technology. 2019. CVE-2019-8070. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2019-8070."},{"key":"e_1_3_2_1_73_1","volume-title":"Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities. Programming and Computer Software 41","author":"Padaryan A.","year":"2015","unstructured":"V.\u00a0 A. Padaryan , V.\u00a0 V. Kaushan , and A.\u00a0 N. Fedotov . 2015. Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities. Programming and Computer Software 41 ( 2015 ). Issue 6. V.\u00a0A. Padaryan, V.\u00a0V. Kaushan, and A.\u00a0N. Fedotov. 2015. Automated Exploit Generation for Stack Buffer Overflow Vulnerabilities. Programming and Computer Software 41 (2015). Issue 6."},{"key":"e_1_3_2_1_74_1","volume-title":"Proceedings of the 39th IEEE Symposium on Security and Privacy ((SP)). 697\u2013710","author":"Shoshitaishvili Hui","year":"2018","unstructured":"Peng, Hui and Shoshitaishvili , Yan and Payer , Mathias. 2018 . T-Fuzz: fuzzing by program transformation . In Proceedings of the 39th IEEE Symposium on Security and Privacy ((SP)). 697\u2013710 . Peng, Hui and Shoshitaishvili, Yan and Payer, Mathias. 2018. T-Fuzz: fuzzing by program transformation. In Proceedings of the 39th IEEE Symposium on Security and Privacy ((SP)). 697\u2013710."},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134073"},{"key":"e_1_3_2_1_76_1","volume-title":"Proc. of the 7th Int. Symp. on Engineering Secure Software and Systems (ESSoS). Chapter Learning How to Prevent Return-Oriented Programming Efficiently, 68\u201385","author":"Pfaff David","year":"2015","unstructured":"David Pfaff , Sebastian Hack , and Christian Hammer . 2015 . Proc. of the 7th Int. Symp. on Engineering Secure Software and Systems (ESSoS). Chapter Learning How to Prevent Return-Oriented Programming Efficiently, 68\u201385 . David Pfaff, Sebastian Hack, and Christian Hammer. 2015. Proc. of the 7th Int. Symp. on Engineering Secure Software and Systems (ESSoS). Chapter Learning How to Prevent Return-Oriented Programming Efficiently, 68\u201385."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970316"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2941681"},{"key":"e_1_3_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2355847"},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23404"},{"key":"e_1_3_2_1_81_1","volume-title":"New Kit and Same Player: Top 10 Vulnerabilities Used by Exploit Kits","author":"Future Recorded","year":"2016","unstructured":"Recorded Future . 2016. New Kit and Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016 . https:\/\/www.recordedfuture.com\/top-vulnerabilities-2016\/. Recorded Future. 2016. New Kit and Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016. https:\/\/www.recordedfuture.com\/top-vulnerabilities-2016\/."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139337.3139346"},{"key":"e_1_3_2_1_83_1","unstructured":"Eric Romang. [n.d.]. Gong Da Exploit Pack Add Flash CVE-2013-0634 Support. https:\/\/tinyurl.com\/w6l4sjw\/.  Eric Romang. [n.d.]. Gong Da Exploit Pack Add Flash CVE-2013-0634 Support. https:\/\/tinyurl.com\/w6l4sjw\/."},{"key":"e_1_3_2_1_84_1","unstructured":"Michael Schmalle. [n.d.]. AS3Commons - Opcodes. https:\/\/github.com\/teotigraphix\/as3-commons\/blob\/master\/as3-commons-bytecode\/src\/main\/actionscript\/org\/as3commons\/bytecode\/abc\/enum\/Opcode.as. Accessed on=9-11-2019.  Michael Schmalle. [n.d.]. AS3Commons - Opcodes. https:\/\/github.com\/teotigraphix\/as3-commons\/blob\/master\/as3-commons-bytecode\/src\/main\/actionscript\/org\/as3commons\/bytecode\/abc\/enum\/Opcode.as. Accessed on=9-11-2019."},{"key":"e_1_3_2_1_85_1","volume-title":"Proceedings of the 20th USENIX Security Symposium.","author":"Schwartz J.","year":"2011","unstructured":"Edward\u00a0 J. Schwartz , Thanassis Avgerinos , and David Brumley . 2011 . Q: Exploit Hardening Made Easy . In Proceedings of the 20th USENIX Security Symposium. Edward\u00a0J. Schwartz, Thanassis Avgerinos, and David Brumley. 2011. Q: Exploit Hardening Made Easy. In Proceedings of the 20th USENIX Security Symposium."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.5555\/1298568.1298570"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134105"},{"key":"e_1_3_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"e_1_3_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.27"},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"crossref","unstructured":"Meera Sridhar Abhinav Mohanty Fadi Yilmaz Vasant Tendulkar and Kevin\u00a0W. Hamlen. 2018. Inscription: Thwarting ActionScript Web Attacks From Within. In In the proceedings of the 17th International Conference On Trust and Security and Privacy In Computing and Communications (TrustCom). 504\u2013515.  Meera Sridhar Abhinav Mohanty Fadi Yilmaz Vasant Tendulkar and Kevin\u00a0W. Hamlen. 2018. Inscription: Thwarting ActionScript Web Attacks From Within. In In the proceedings of the 17th International Conference On Trust and Security and Privacy In Computing and Communications (TrustCom). 504\u2013515.","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00078"},{"key":"e_1_3_2_1_92_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23368"},{"key":"e_1_3_2_1_93_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.25"},{"key":"e_1_3_2_1_94_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_14"},{"key":"e_1_3_2_1_95_1","article-title":"RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing.","volume":"7","author":"Wang Zhiqiang","year":"2013","unstructured":"Zhiqiang Wang , Yuqing Zhang , and Qixu Liu . 2013 . RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing. KSII Transactions on Internet & Information Systems 7 , 8 (2013). Zhiqiang Wang, Yuqing Zhang, and Qixu Liu. 2013. RPFuzzer: A Framework for Discovering Router Protocols Vulnerabilities Based on Fuzzing.KSII Transactions on Internet & Information Systems 7, 8 (2013).","journal-title":"KSII Transactions on Internet & Information Systems"},{"key":"e_1_3_2_1_96_1","unstructured":"Website. [n.d.]. american fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/.  Website. [n.d.]. american fuzzy lop. http:\/\/lcamtuf.coredump.cx\/afl\/."},{"key":"e_1_3_2_1_97_1","unstructured":"Website. [n.d.]. libFuzzer: A library for coverage-guided fuzz testing. http:\/\/llvm.org\/docs\/LibFuzzer.html.  Website. [n.d.]. libFuzzer: A library for coverage-guided fuzz testing. http:\/\/llvm.org\/docs\/LibFuzzer.html."},{"key":"e_1_3_2_1_98_1","doi-asserted-by":"crossref","unstructured":"Christian Wressnegger Fabian Yamaguchi Daniel Arp and Konrad Rieck. 2016. Comprehensive Analysis and Detection of Flash-Based Malware. (2016) 101\u2013121.  Christian Wressnegger Fabian Yamaguchi Daniel Arp and Konrad Rieck. 2016. Comprehensive Analysis and Detection of Flash-Based Malware. (2016) 101\u2013121.","DOI":"10.1007\/978-3-319-40667-1_6"},{"key":"e_1_3_2_1_99_1","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX SS).","author":"Wu Wei","year":"2018","unstructured":"Wei Wu , Yueqi Chen , Jun Xu , Xinyu Xing , Xiaorui Gong , and Wei Zou . 2018 . FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities . In Proceedings of the 27th USENIX Security Symposium (USENIX SS). Wei Wu, Yueqi Chen, Jun Xu, Xinyu Xing, Xiaorui Gong, and Wei Zou. 2018. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities. In Proceedings of the 27th USENIX Security Symposium (USENIX SS)."},{"key":"e_1_3_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/QRS-C.2018.00085"},{"key":"e_1_3_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"e_1_3_2_1_102_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134085"},{"key":"e_1_3_2_1_103_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-015-9274-6"},{"key":"e_1_3_2_1_104_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-89500-0_32"},{"key":"e_1_3_2_1_105_1","volume-title":"ICSE Workshop on Automation of Software Test. 36\u201343","author":"Zhao Chen","year":"2009","unstructured":"Chen Zhao , Yunzhi Xue , Qiuming Tao , Liang Guo , and Zhaohui Wang . 2009 . Automated test program generation for an industrial optimizing compiler . In ICSE Workshop on Automation of Software Test. 36\u201343 . Chen Zhao, Yunzhi Xue, Qiuming Tao, Liang Guo, and Zhaohui Wang. 2009. Automated test program generation for an industrial optimizing compiler. In ICSE Workshop on Automation of Software Test. 36\u201343."},{"key":"e_1_3_2_1_106_1","volume-title":"Automated Fuzz Generators for High-Coverage Tests Based on Program Branch Predications. In 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). 514\u2013520","author":"Zhao Jinjing","year":"2018","unstructured":"Jinjing Zhao and Ling Pang . 2018 . Automated Fuzz Generators for High-Coverage Tests Based on Program Branch Predications. In 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). 514\u2013520 . Jinjing Zhao and Ling Pang. 2018. Automated Fuzz Generators for High-Coverage Tests Based on Program Branch Predications. In 2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). 514\u2013520."}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","acronym":"ACSAC '20","location":"Austin USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427568","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427568","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:25Z","timestamp":1750197745000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427568"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":105,"alternative-id":["10.1145\/3427228.3427568","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427568","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}