Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5363

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5363
Last Modified 20 Mar 2009 01:50:52
Published 08 Dec 2008 06:30:06
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5363

Summary

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

Vulnerable Systems

Application

  • Adobe Air 1.0

  • Adobe Air 1.1

  • Adobe Flash Player 10.0.0.584

  • Adobe Flash Player 10.0.12.10

  • Adobe Flash Player 9.0.112.0

  • Adobe Flash Player 9.0.114.0

  • Adobe Flash Player 9.0.115.0

  • Adobe Flash Player 9.0.124.0

  • Adobe Flash Player 9.0.16

  • Adobe Flash Player 9.0.18d60

  • Adobe Flash Player 9.0.20

  • Adobe Flash Player 9.0.20.0

  • Adobe Flash Player 9.0.28

  • Adobe Flash Player 9.0.28.0

  • Adobe Flash Player 9.0.31

  • Adobe Flash Player 9.0.31.0

  • Adobe Flash Player 9.0.45.0

  • Adobe Flash Player 9.0.47.0

  • Adobe Flash Player 9.0.48.0

  • Adobe Flash Player 9.125.0


References

MISC - http://www.adobe.com/support/security/bulletins/apsb08-22.html

BUGTRAQ - 20081122 Adobe Flash Multiple Vulnerabilities

MISC - http://www.isecpartners.com/advisories/2008-01-flash.txt

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm

SUNALERT - 248586

SREASON - 4692

GENTOO - GLSA-200903-23

SECUNIA - 34226

SECUNIA - 33390

Related Patches

Adobe Flash Player 10.0.12.36 for Mac OS X (PPC) (Rev 2)


Last Updated: 27 May 2016 10:48:48