3

Is there a fuzzing tool that can scan some arbitrary Windows binary and identify a set of heap overflow vulnerabilities?

For example, a tool that applies a set of heuristics or maybe a list of known heap overflow vulnerabilities to find these, and then returns the locations and the type of overflow attack.

T. Webster

1 Answer

4

No fuzzing tool will scan a Windows binary looking for vulnerabilities, because that is not fuzzing! There are dynamic or static analysis tools that can look at the code or a compiled binary to determine if it is vulnerable. From experience, all of these analysis tools produce tons of false positives and false negatives.

Using a fuzzing framework like Sulley or Peach you can test any interface for memory corruption vulnerabilities. Both of these projects have great documentation and have been used to find many buffer overflows.

You will still have to define what interface you are fuzzing. Are you fuzzing files? Or a remote API? The fuzzing framework comes with a testing harness to generate test cases and determine when the application crashes.

rook
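As an added example (not code from the question, the answer, or the Sulley/Peach projects), here is a minimal file-format mutation fuzzer in Python that shows the three pieces the answer lists: you define the interface (here, a file the target parses), a generator produces test cases from a seed, and a harness runs the target and notices when it crashes. It assumes the target is launched from the command line with the test-case path substituted for `@@` (a convention borrowed from AFL), and that a crash is visible in the exit status: the terminating signal on POSIX, or one of the NTSTATUS codes a crashing Windows process exits with. The `demo_target()` stand-in, the seed bytes and the crash-code table are this example's own constructions, not anything from the page.

```python
"""Minimal file-format mutation fuzzer: generate cases, run the target, classify crashes.

Added example, not from the original answer or from Sulley/Peach. Assumes the
target reads one file whose path replaces "@@" in the command line (AFL's
convention) and that a crash shows up in the process exit status.
"""
import os
import random
import subprocess
import sys
import tempfile
from typing import List, Optional, Sequence, Tuple

POSIX = os.name == "posix"

# NTSTATUS values a crashing Windows process reports as its exit code.
# Run the target under Page Heap (gflags /p /enable target.exe /full) so a
# heap overflow faults at the overflowing write (STATUS_ACCESS_VIOLATION)
# instead of silently corrupting the heap and crashing much later, if at all.
NTSTATUS_CRASHES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Boundary values worth planting where a parser may read a length or offset.
INTERESTING = [b"\x00", b"\x7f", b"\x80", b"\xff",
               b"\x00\x00\x00\x00", b"\xff\xff\xff\x7f", b"\x00\x00\x00\x80",
               b"\xff\xff\xff\xff", b"\x7f\xff\xff\xff", b"\x80\x00\x00\x00"]


def mutate(seed: bytes, rng=0, max_ops: int = 8) -> bytes:
    """Apply 1..max_ops random byte-level mutations to a seed input.

    `rng` is a random.Random or an int seed, so a crashing case can be
    regenerated deterministically when it needs reproducing.
    """
    if not isinstance(rng, random.Random):
        rng = random.Random(rng)
    buf = bytearray(seed)
    for _ in range(rng.randint(1, max_ops)):
        op = rng.randrange(5)
        if op == 0 and buf:                      # flip one bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                    # overwrite with a boundary value
            i = rng.randrange(len(buf))
            val = rng.choice(INTERESTING)
            buf[i:i + len(val)] = val
        elif op == 2:                            # insert a run: oversized fields stress heap buffers
            i = rng.randrange(len(buf) + 1)
            buf[i:i] = bytes([rng.randrange(256)]) * rng.randint(1, 64)
        elif op == 3 and len(buf) > 1:           # delete a chunk: truncated structures
            i = rng.randrange(len(buf))
            del buf[i:i + rng.randint(1, min(16, len(buf) - i))]
        elif op == 4 and buf:                    # duplicate a chunk: repeated records
            i = rng.randrange(len(buf))
            buf[i:i] = buf[i:i + rng.randint(1, min(32, len(buf) - i))]
    return bytes(buf)


def classify_exit(returncode: int) -> Optional[str]:
    """Map a process exit status to a crash label, or None for a clean exit.

    Python reports Windows exit codes either as the unsigned value
    (3221225477) or as the signed value (-1073741819); masking to 32 bits
    handles both. A negative code on POSIX is the terminating signal number.
    """
    name = NTSTATUS_CRASHES.get(returncode & 0xFFFFFFFF)
    if name:
        return name
    if returncode < 0:
        return "signal %d" % -returncode
    return None


def run_case(cmd: Sequence[str], data: bytes, timeout: float = 5.0) -> Optional[str]:
    """Write one test case to a temp file, run the target on it, classify the result."""
    tmp = tempfile.NamedTemporaryFile(suffix=".bin", delete=False)
    try:
        tmp.write(data)
        tmp.close()
        argv = [tmp.name if a == "@@" else a for a in cmd]
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return "timeout"                     # hangs are findings too
        return classify_exit(proc.returncode)
    finally:
        os.unlink(tmp.name)


def fuzz(cmd: Sequence[str], seed: bytes, iterations: int = 200,
         rng_seed: int = 0, timeout: float = 5.0) -> List[Tuple[int, str, bytes]]:
    """The loop: mutate, execute, keep (iteration, label, input) for every crash."""
    rng = random.Random(rng_seed)
    findings = []
    for i in range(iterations):
        case = mutate(seed, rng)
        label = run_case(cmd, case, timeout)
        if label is not None:
            findings.append((i, label, case))
    return findings


def demo_target() -> List[str]:
    """Stand-in for a real parser (constructed for this example): a Python child
    that dereferences a null pointer once the input exceeds 8 bytes. On POSIX
    this dies with SIGSEGV; on Windows ctypes turns it into an OSError, so a
    real Windows target is needed to see the NTSTATUS path."""
    script = ("import sys, ctypes\n"
              "d = open(sys.argv[1], 'rb').read()\n"
              "if len(d) > 8:\n"
              "    ctypes.string_at(0)\n")
    return [sys.executable, "-c", script, "@@"]


if __name__ == "__main__":
    # usage: python fuzz.py C:\path\to\target.exe @@   (no args: fuzz the demo target)
    target = sys.argv[1:] or demo_target()
    seed_input = b"HDR\x00\x08\x00\x00\x00"     # constructed 8-byte seed
    for i, label, case in fuzz(target, seed_input, iterations=50):
        path = "crash_%04d.bin" % i
        with open(path, "wb") as f:
            f.write(case)
        print("iteration %d: %s (%d bytes) saved to %s" % (i, label, len(case), path))
```

Two practical notes. First, the harness only sees crashes that reach the exit status; a heap overflow that corrupts a neighbouring chunk without faulting is invisible here, which is why Page Heap (or an equivalent allocator instrumentation) matters on Windows. Second, the crash label says where the process died, not what kind of overflow it was; triaging the saved input under a debugger is still a manual step, which is the gap between "a fuzzer found a crash" and the question's wish for a tool that reports the overflow type.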