4.3
CVE-2008-5363
- EPSS 3.72%
- Veröffentlicht 08.12.2008 11:30:06
- Zuletzt bearbeitet 16.06.2026 22:59:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Flash Player Version >= 9.0.16.0 < 9.0.151.0
Adobe ≫ Flash Player Version >= 10 < 10.0.12.36
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.72% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
http://secunia.com/advisories/33390
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
http://secunia.com/advisories/34226
http://security.gentoo.org/glsa/glsa-200903-23.xml
http://www.adobe.com/support/security/bulletins/apsb08-22.html
http://www.isecpartners.com/advisories/2008-01-flash.txt
http://www.securityfocus.com/archive/1/498561/100/0/threaded
http://securityreason.com/securityalert/4692