Executive Summary

Informations
Name CVE-2008-5361 First vendor Publication 2008-12-08
Vendor Cve Last vendor Modification 2018-11-08

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5361

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Application 89

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-03-13 Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash)
File : nvt/glsa_200903_23.nasl
2008-11-12 Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl
2008-11-12 Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win)
File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
51491 Adobe Flash Player ActionScript 2 VM Crafted PDF File Handling Multiple Actio...

Nessus® Vulnerability Scanner

Date Description
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO
2009-03-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://www.securityfocus.com/archive/1/498561/100/0/threaded
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
GENTOO http://security.gentoo.org/glsa/glsa-200903-23.xml
MISC http://www.adobe.com/support/security/bulletins/apsb08-22.html
http://www.isecpartners.com/advisories/2008-01-flash.txt
SECUNIA http://secunia.com/advisories/33390
http://secunia.com/advisories/34226
SREASON http://securityreason.com/securityalert/4692
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:08:30
  • Multiple Updates
2021-04-22 01:08:51
  • Multiple Updates
2020-05-24 01:05:07
  • Multiple Updates
2020-05-23 00:22:41
  • Multiple Updates
2018-11-09 00:19:40
  • Multiple Updates
2018-10-30 12:02:42
  • Multiple Updates
2018-10-12 00:20:30
  • Multiple Updates
2018-03-06 12:01:55
  • Multiple Updates
2016-06-28 17:22:01
  • Multiple Updates
2016-04-26 18:05:47
  • Multiple Updates
2014-02-17 10:47:31
  • Multiple Updates
2013-05-11 00:31:58
  • Multiple Updates