The 2008 Pwnie Nominee For Most Innovative Research

Application-Specific Attacks: Leveraging the ActionScript VM

Mark Dowd

Mark Dowd exploited a NULL pointer dereference in the Flash runtime to desynchronize the ActionScript bytecode verifier, inject malicious bytecode instructions and finally execute x86 shellcode. The combination of techniques used by Dowd is beyond anything seen before. The details of the exploit are published in a 25-page paper and explained for non-exploit writers in a Matasano blog post.