Adobe Flash Player has been a major target for exploits and malware in recent years. I wrote about CVE-2014-1776 and CVE-2014-0515 exploits just a few weeks ago. CVE-2014-1776 is an IE vulnerability, but the exploit found in the wild used an Adobe Flash Player file to achieve reliable exploitation against ASLR and DEP. CVE-2014-0515 was a vulnerability in the Adobe Flash Player Pixel Bender component.
Basically, SWF files are not something you can avoid analyzing if you are dealing with real-life exploits. A good methodology when analyzing SWF files is also very beneficial for current malware research. I talked about automating SWF exploits and malware analysis in a previous presentation, but here I want to share a more manual methodology you can use for daily research. All the tools are free and some of them are open source. For this example, I used a sample with a SHA1 value of 300a7e4d54eca8641d7a19ceb4ab68bb76696816. This sample exploits the CVE-2014-0515 vulnerability.
More here: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Playing-with-Adobe-Flash-Player-Exploits-and-Byte-Code/ba-p/6505942#.U5ginPldWSo