|Date: (C)2008-12-08 (M)2017-08-11|
|CVSS Score: 4.3||Access Vector: NETWORK|
|Exploitability Subscore: 8.6||Access Complexity: MEDIUM|
|Impact Subscore: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 220.127.116.11, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.