CVE-2008-5363
Published Dec 8, 2008
Last updated 6 years ago
Overview
- Description
- The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-399
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31300012-1803-451C-9304-7D532CAAD597",
"versionEndExcluding": "1.5"
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9617651-EBE0-443C-9C56-75A6DB6DFA2C",
"versionEndExcluding": "9.0.151.0",
"versionStartIncluding": "9.0.16.0"
},
{
"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24B27C65-29D0-42D7-8293-67839687888A",
"versionEndExcluding": "10.0.12.36",
"versionStartIncluding": "10"
}
],
"operator": "OR"
}
]
}
]