eEye released integer overflow auditing tool

By | February 16, 2007

Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.

The tool, called “UFuz3”, is a binary file fuzzer focused on finding integer overflow vulnerabilities. This tool can audit any application which loads a binary file such as Windows Media player, Microsoft Office etc.

Integer overflow vulnerabilities occur when an attempt is made to store a value greater than the maximum fixed size of an integer (32 bits). Integer overflows are dangerous if the calculation has to do with the size of a buffer, which usually leads to buffer overflows.

The tool can be downloaded here.

Leave a Reply