Lucene search

[email protected]CVE-2008-5363

HistoryDec 08, 2008 - 11:30 a.m.

CVE-2008-5363

2008-12-0811:30:00

CWE-399

[email protected]

web.nvd.nist.gov

adobe

flash player

air

cve-2008-5363

vulnerability

denial of service

adobe air

remote attackers

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt9.0.151.0
adobe:flash_playeradobe flash playerlt10.0.12.36
adobe:airadobe airlt1.5

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	9.0.151.0
adobe:flash_player	adobe flash player	lt	10.0.12.36
adobe:air	adobe air	lt	1.5

References

secunia.com/advisories/33390

secunia.com/advisories/34226

security.gentoo.org/glsa/glsa-200903-23.xml

securityreason.com/securityalert/4692

sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

support.avaya.com/elmodocs2/security/ASA-2009-020.htm

www.adobe.com/support/security/bulletins/apsb08-22.html

www.isecpartners.com/advisories/2008-01-flash.txt

www.securityfocus.com/archive/1/498561/100/0/threaded

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2008-5363

prion1 ubuntucve1 openvas6 nessus3 redhat2 gentoo1