Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2008-5363 | First vendor Publication | 2008-12-08 |
Vendor | Cve | Last vendor Modification | 2018-11-02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5363 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22730 | |||
Oval ID: | oval:org.mitre.oval:def:22730 | ||
Title: | ELSA-2008:0945: flash-plugin security update (Critical) | ||
Description: | The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0945-02 CVE-2007-4324 CVE-2007-6243 CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4821 CVE-2008-4822 CVE-2008-4823 CVE-2008-4824 CVE-2008-5361 CVE-2008-5362 CVE-2008-5363 | Version: | 61 |
Platform(s): | Oracle Linux 5 | Product(s): | flash-plugin |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-03-13 | Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash) File : nvt/glsa_200903_23.nasl |
2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl |
2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53097 | Adobe Multiple Product ActionScript 2 VM Dictionary Data Structure Character ... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO |
2009-03-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:08:30 |
|
2021-04-22 01:08:51 |
|
2020-05-24 01:05:07 |
|
2020-05-23 00:22:41 |
|
2018-11-02 21:19:48 |
|
2018-10-30 12:02:42 |
|
2018-10-12 00:20:30 |
|
2018-03-06 12:01:55 |
|
2016-06-28 17:22:02 |
|
2016-04-26 18:05:48 |
|
2014-02-17 10:47:31 |
|
2013-05-11 00:31:59 |
|