|Date: (C)2008-12-08 (M)2017-12-07|| |
The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 22.214.171.124, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
|CVSS Score: 4.3||Access Vector: NETWORK|
|Exploit Score: 8.6||Access Complexity: MEDIUM|
|Impact Score: 2.9||Authentication: NONE|
| ||Confidentiality: PARTIAL|
| ||Integrity: NONE|
| ||Availability: NONE|