Abstract:

As the application of Flash file in the network is becoming more and more wide, the security problems of Adobe Flash Player have also attracted more and more attentions. Every vulnerability has a possibility to arise serious security problem. This dissertation first describes the operation mechanism of Adobe Flash Player from the two aspects of Flash client technology and Flash 3D visualization analysis, gives a research on the characters of ActionScript language, Flash rendering model, event mechanism, Flash three dimensional graphic display, Stage3D hardware speeding and Stage3D modeling. Then the format of SWF file is described, and the file heading and the label structure are introduced. Combining with the statistic information of CVE website, the article takes a classification on the vulnerabilities of Adobe Flash Player. These four types of vulnerabilities are Flash file format vulnerability, Flash service denial vulnerability, Flash cross site scripting vulnerability and Flash spoofing attack vulnerability. Then the vulnerabilities classification method and the vulnerabilities analysis technology of Adobe Flash Player are described in detail and the technical model for vulnerability analysis targeting on Adobe Flash Player is built up. At last, ten typical vulnerabilities in Adobe Flash Player are taken as the practical examples. After the processes of information collection, data flow tracking and vulnerability principle analysis, the vulnerability production mechanism is drawn out finally.

Key words: Adobe Flash Player, vulnerabilities classification, vulnerabilities analysis, SWF file format