Abstract: The usage, value of security study, and present situation of escape techniques of AVM2 (ActionScript Virtual Machine 2) were introduced. Starting from the flaws of ABC verification in AVM2 security model, with host environment vulnerabilities and byte code simulation engine vulnerabilities, the technique details of the escape based on verification deception were then analyzed. Finally, according to the current research, proper strategies of defense and the target to improve in the next phase were given.

Key words: AVM2 Virtual Machine, Escape, Security Model, Verification Deception, host environment

摘要： 介绍了AVM2虚拟机的应用背景、安全研究价值和逃逸技术现状。从AVM2安全模型中的ABC验证缺陷入手，结合宿主环境漏洞和字节码仿真引擎漏洞，研究了基于验证欺骗的逃逸技术细节。最后根据当前研究成果，提出相应的防范策略，以及下阶段的改进目标。

关键词: AVM2虚拟机, 逃逸, 安全模型, 验证欺骗, 宿主环境