CVE-2008-5361
First published: Mon Dec 08 2008(Updated: )
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe AIR | <1.5 | |
| Adobe Flash Player for Internet Explorer 11 | >=9.0.16.0<9.0.151.0 | |
| Adobe Flash Player for Internet Explorer 11 | >=10<10.0.12.36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.isecpartners.com/advisories/2008-01-flash.txt
- http://www.adobe.com/support/security/bulletins/apsb08-22.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1
- http://secunia.com/advisories/33390
- http://securityreason.com/securityalert/4692
- http://security.gentoo.org/glsa/glsa-200903-23.xml
- http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
- http://secunia.com/advisories/34226
- http://www.securityfocus.com/archive/1/498561/100/0/threaded
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/adobe
- canonical/adobe air
- canonical/adobe flash player for internet explorer 11
- version/adobe flash player for internet explorer 11/9.0.16.0
- version/adobe flash player for internet explorer 11/10