CVE Vulnerabilities

CVE-2008-5361

Published: Dec 08, 2008 | Modified: Nov 08, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
4.3 IMPORTANT
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member elements size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

Affected Software

Name Vendor Start Version End Version
Air Adobe * *
Flash_player Adobe 9.0.16.0 *
Flash_player Adobe 10 *
Extras for RHEL 3 RedHat flash-plugin-0:9.0.151.0-1.el3.with.oss *
Extras for RHEL 4 RedHat flash-plugin-0:9.0.151.0-1.el4 *
Supplementary for Red Hat Enterprise Linux 5 RedHat flash-plugin-0:10.0.12.36-2.el5 *
Flashplugin-nonfree Ubuntu dapper *

References