The Discovery And Exploit Of Vulnerability For Flash Application

As in recent years, with the development of the extensive use of flash , such as youtube company , more and more flash exploits have appeared rapidly , it can not be ignored as an important point of network security and will be concerned for more people. The main research topics related to the security of the Flash application, its related to digging vulnerabilities to application Software and study the correlative technology of digging vulnerabilities.Based on the research of the types of flash vulnerabilities, analyzing the dangers and the scope of vulnerabilities related to flash , the paper focused on digging holes of the buffer vulnerabilities of flash file format. This paper's specific duties include the following points:1) Studying and analyzing the buffer vulnerabilities of the flash file format , I summed up in existing flash mining technique and proposed the program of mining flash holes.2) Taking use of Fuzzing technique, I developed tool of mining holes by automated Fuzzing technique independently, which name is swf-Fuzzer. By using of automated intelligent mining technique of swf-Fuzzer, I used debugger technique to test flash player , to dig out buffer overflow vulnerabilities of flash.3) Taking use of shellcode technique and heap spray technique, I exploited the heap vulnerability of flash, succeed in achieving the excavation and utilization of vulnerabilities of flash buffer.The features about the program of mining vulnerability of flash are: used Fuzzing technique for testing flash applications, improved the performance in automation and intelligent, reduced the time of digging holes. By using of Degugger technique to dig the vulnerabilities, determine the types of Vulnerabilities,the program improved the accuracy of mining holes. Finally, the exploit of vulnerability by heap spray technique reflected the specific hazard of vulnerability of flash.Vulnerability discovery is an important research topic in network information security , and occupies an important component in the network attack and defense technology. So taking the initiative to dig and analyze the security vulnerabilities on the network battle is of great significance.