Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5361

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5361
Last Modified 20 Mar 2009 01:50:51
Published 08 Dec 2008 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5361

Summary

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

Vulnerable Systems

Application

  • Adobe Air 1.0

  • Adobe Air 1.1

  • Adobe Flash Player 10.0.0.584

  • Adobe Flash Player 10.0.12.10

  • Adobe Flash Player 9.0.112.0

  • Adobe Flash Player 9.0.114.0

  • Adobe Flash Player 9.0.115.0

  • Adobe Flash Player 9.0.124.0

  • Adobe Flash Player 9.0.16

  • Adobe Flash Player 9.0.18d60

  • Adobe Flash Player 9.0.20

  • Adobe Flash Player 9.0.20.0

  • Adobe Flash Player 9.0.28

  • Adobe Flash Player 9.0.28.0

  • Adobe Flash Player 9.0.31

  • Adobe Flash Player 9.0.31.0

  • Adobe Flash Player 9.0.45.0

  • Adobe Flash Player 9.0.47.0

  • Adobe Flash Player 9.0.48.0

  • Adobe Flash Player 9.125.0


References

MISC - http://www.adobe.com/support/security/bulletins/apsb08-22.html

BUGTRAQ - 20081122 Adobe Flash Multiple Vulnerabilities

MISC - http://www.isecpartners.com/advisories/2008-01-flash.txt

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

SUNALERT - 248586

SREASON - 4692

GENTOO - GLSA-200903-23

SECUNIA - 34226

SECUNIA - 33390

Related Patches

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)


Last Updated: 27 May 2016 10:48:47