CVE Vulnerability

CVE-2008-5363

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.isecpartners.com/advisories/2008-01-flash.txt Third Party Advisory
http://www.adobe.com/support/security/bulletins/apsb08-22.html Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 Broken Link
http://secunia.com/advisories/33390 Third Party Advisory
http://securityreason.com/securityalert/4692 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm Third Party Advisory
http://security.gentoo.org/glsa/glsa-200903-23.xml Third Party Advisory
http://secunia.com/advisories/34226 Third Party Advisory
http://www.securityfocus.com/archive/1/498561/100/0/threaded Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Information

Published : 2008-12-08 11:30

Updated : 2018-11-02 06:59

NVD link : CVE-2008-5363

Mitre link : CVE-2008-5363

Products Affected
No products.
CWE
CWE-399