中文摘要：

基于Flash在网络上应用十分广泛，但一直以来不断出现许多严重的安全问题，提出并实现一种基于虚拟执行与判定覆盖相结合的Flash漏洞检测方法。对于待检测的Flash文件，通过对其进行反编译得到ActionScript代码；然后，分析其类结构，根据分析的结果生成多个虚拟执行流程，每个虚拟流程是对某一段代码的虚拟执行；最后，将虚拟流程的执行结果与漏洞规则进行匹配以判断是否包含漏洞。测试结果表明：所提出的漏洞检测方法具有误判率低、执行效率高的特点。

英文摘要：

Based on the fact that Flash has many serious security problems through widely used in the Intemet, a detection method for Flash vulnerability based on virtual execution and branch coverage was proposed. Firstly, Flash file was decompiled and scanned to get the ActionScript code. Secondly, the class structure was analyzed and multiple virtual execution processes were generated according to the analysis. Finally it was determined whether the Flash file contained vulnerabilities after each virtual execution process. The results indicate that the method has advantages of low false positives and high execution efficiency.