I think I have found what looks like a null pointer dereference in Flash. I think the best way to exploit this, or at least the standard known one, is using heap spraying, but the problem is that I don't even know how to start reversing the bug. The problem is that it's a VM and I don't know how to extract meaningful information such as a trace of ActionScript function calls or whatever. Does someone know some tool to reverse/debug SWFs? As far as I know the Flash debugger doesn't debug compiled SWFs, only .fla files or some kind of mix between them, but obviously I don't have the original .fla. That's why I'm posting here: this is more reversing than exploiting. Another idea that comes to my mind is a Flash bytecode decompiler. I don't really know. Thanks in advance.