Testing the Binding Layer of Scripting Languages through Cooperative Mutation


Sponsoring Agency
College of IST


Modern document-processing software, like Adobe Acrobat, integrates scripting languages (e.g., JavaScript) to simplify file modification. Since scripts operate at a high level of abstraction while commercial software is written in low-level languages, a binding layer is necessary to transform data representations between the two. However, due to the complexity of the system, the binding layer often produces inconsistent semantics or misses security checks, leading to severe vulnerabilities. Existing testing efforts focus on the script subsystem and miss bugs that involve other components. In this proposal, we plan to design cooperative mutation for testing binding layers. Unlike previous work, cooperative mutation will update both the inputs to the script subsystem and the inputs to other components to trigger bugs. Since many bugs are due to the interplay between the program's initial state and its dynamic operations, only two-dimensional mutations can trigger them. To make cooperative mutation practical, we will first infer the relationship between scripts and objects through statistical analysis, and then cooperatively mutate related objects and scripts to trigger bugs. We plan to evaluate our method on popular software that integrates scripting languages, like Adobe Acrobat, Microsoft Word, and Google Chrome. If successful, we will identify severe vulnerabilities in popular applications and protect millions of devices.

Research Area