Abstract:
Uninitialized data returned to the user represent a source of software vulnerabilities which might lead to information disclosure under certain conditions. In this work, we aim at detection and exploiting uninitialized variables in a given software. We perform static analysis of source code, transform it into a graph that o_ers full description of the application, look for uninitialized data and classify it. Next we try to retrieve the content of these data and show a way to enforce the application to modify it as we desire.