[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5363Date: (C)2008-12-08   (M)2023-12-22


The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/498561/100/0/threaded
SUNALERT-248586
SECUNIA-33390
SECUNIA-34226
SREASON-4692
GLSA-200903-23
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://www.adobe.com/support/security/bulletins/apsb08-22.html
http://www.isecpartners.com/advisories/2008-01-flash.txt

CPE    2
cpe:/a:adobe:air
cpe:/a:adobe:flash_player
CWE    1
CWE-399
OVAL    6
oval:org.secpod.oval:def:18059
oval:org.secpod.oval:def:18058
oval:org.secpod.oval:def:18025
oval:org.secpod.oval:def:18024
...

© SecPod Technologies