Application-Specific Attacks: Leveraging the ActionScript Virtual Machine

Memory corruption vulnerabilities are now being exploited using application specific attacks, like the scenario leveraging the ActionScript Virtual Machine. Learning how this attack works will help refine countermeasures to protect this and other similar vulnerabilities. Memory corruption vulnerabilities are becoming increasingly difficult to exploit, largely due to the protection mechanisms being integrated into most modern operating systems. As general protection mechanisms evolve, attackers are engaging in more specific, low-level application-targeted attacks. In order to refine general countermeasures (or at least raise awareness of their shortcomings), it is important to first understand how memory corruption vulnerabilities are exploited in some unique scenarios.