关键词: AVM2虚拟机, 逃逸, 安全模型, 验证欺骗, 宿主环境

Abstract: The usage, value of security study, and present situation of escape techniques of AVM2 (ActionScript Virtual Machine 2) were introduced. Starting from the flaws of ABC verification in AVM2 security model, with host environment vulnerabilities and byte code simulation engine vulnerabilities, the technique details of the escape based on verification deception were then analyzed. Finally, according to the current research, proper strategies of defense and the target to improve in the next phase were given.

Key words: AVM2 Virtual Machine, Escape, Security Model, Verification Deception, host environment