“If this were a dictatorship, it’d be a heck of a lot easier, just so long as I’m the dictator.”
|--George W. Bush, Washington, DC, December 19, 2000|
File format fuzzing is a specialized fuzzing method with specifically defined targets. These targets are usually client-side applications. Examples include media players, Web browsers, and office productivity suites. However, targets can also be servers, such as antivirus gateway scanners, spam filters, and even regular e-mail servers. The end goal of file format fuzzing is to find an exploitable flaw in the way that an application parses a certain type of file.
An impressive number of client-side file format parsing vulnerabilities were uncovered in 2005 and 2006, ...