The 2010 Pwnie Nominee For Best Client-Side Bug

Flash AVM JIT compiler code execution (CVE-2010-1297)

Credit: Unknown

This vulnerability was found in the wild. It was a technically sophisticated exploit that used malformed AVM instructions in a Flash file to force the JIT compiler to make incorrect assumptions about the stack layout and generate invalid code. This can be used by an attacker to redirect the code execution to shellcode.

(CVE-2010-1297)