Rich Internet Application, known as RIA, is a new concept of modern web2.0. Moving logic from the server to an untrusted client may open up security holes that never present in the page-oriented "Web 1.0" architecture. (Adobe?) Flash and PDF are 2 of the most important RIA formats and are most widely used by internet users. During past 2 years hackers have pay more attention to RIA exploits especially to Adobe's vulnerabilities through internet, Adobe software was believed to be the 2nd Microsoft.In this presentation, we will start with the threat trend of SWF and PDF applications, various kinds of attacks rely on vulnerabilities through web browsers spreading to in the internet. Followed by showing how AV handles and how hackers manage to bypass them. We'll then demonstrate technical details on the format change and advancement of the malicious SWF and PDF files aimed to bypass antivirus software. To fight against these Web2.0 based attacks, we will present a research project on an analysis tool for malicious content parser. In the end, we will present a frame of real-time RIA scanner between gateway and user browser.This presentation has never been published to public before.