6.3 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
87.9%
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
CPE | Name | Operator | Version |
---|---|---|---|
adobe:flash_player | adobe flash player | lt | 9.0.151.0 |
adobe:flash_player | adobe flash player | lt | 10.0.12.36 |
adobe:air | adobe air | lt | 1.5 |
secunia.com/advisories/33390
secunia.com/advisories/34226
security.gentoo.org/glsa/glsa-200903-23.xml
securityreason.com/securityalert/4692
sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
support.avaya.com/elmodocs2/security/ASA-2009-020.htm
www.adobe.com/support/security/bulletins/apsb08-22.html
www.isecpartners.com/advisories/2008-01-flash.txt
www.securityfocus.com/archive/1/498561/100/0/threaded