OXPS Security Test

This is a version of the XPS Security test that is designed to validate printer capabilities for Open XML Paper Specification (XPS) documents.

The main purpose of this tool is to find security holes in XPS consumers by creating fuzzed XPS files. It utilizes the following fuzzing mechanism:

  • Fuzz Zip Layer (eg: Compressed Size, Uncompressed Size, Signature, etc)

  • Fuzz XPS Layer (eg: URI, Content Type, Relationship Type, etc)

The input file can be valid/invalid XPS file; however the input file should be a valid ZIP.

This tool also has auto-consume feature. When this feature is enabled, the fuzzed XPS files will automatically be consumed by the desired consumer. The main goal is to have robust and secure XPS consumers, which are able to handle fuzzed XPS files in a nice manner. In other words, XPS consumers should catch every possible exception and report nicely to user.

This tool will go into debugger state if unhandled exception is thrown. Currently, there are three supported consumers, which are FlexMusl, Reach Viewer and XPS Viewer.

When auto-consume feature is disabled, this tool will produce fuzzed XPS files. These files can be used to validate against your XPS consumer.

For information about this automated test, see XPS Security Test.

Test details

Associated requirements

Device.Imaging.Printer.OXPS.OXPS

See the device hardware requirements.

Platforms

Windows 8 (x64) Windows 8 (x86) Windows Server 2012 (x64) Windows 8.1 x64 Windows 8.1 x86 Windows Server 2012 R2

Expected run time

~2 minutes

Categories

Certification Functional

Type

Automated

 

 

 

Send comments about this topic to Microsoft