Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-5363 | First vendor Publication | 2008-12-08 |
| Vendor | Cve | Last vendor Modification | 2018-11-02 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5363 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:22730 | |||
| Oval ID: | oval:org.mitre.oval:def:22730 | ||
| Title: | ELSA-2008:0945: flash-plugin security update (Critical) | ||
| Description: | The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2008:0945-02 CVE-2007-4324 CVE-2007-6243 CVE-2008-3873 CVE-2008-4401 CVE-2008-4503 CVE-2008-4818 CVE-2008-4819 CVE-2008-4821 CVE-2008-4822 CVE-2008-4823 CVE-2008-4824 CVE-2008-5361 CVE-2008-5362 CVE-2008-5363 | Version: | 61 |
| Platform(s): | Oracle Linux 5 | Product(s): | flash-plugin |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-03-13 | Name : Gentoo Security Advisory GLSA 200903-23 (netscape-flash) File : nvt/glsa_200903_23.nasl |
| 2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl |
| 2008-11-12 | Name : Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win) File : nvt/gb_adobe_flash_player_mult_vuln_nov08_win.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 53097 | Adobe Multiple Product ActionScript 2 VM Dictionary Data Structure Character ... |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0945.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2008-0980.nasl - Type : ACT_GATHER_INFO |
| 2009-03-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-23.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:08:30 |
|
| 2021-04-22 01:08:51 |
|
| 2020-05-24 01:05:07 |
|
| 2020-05-23 00:22:41 |
|
| 2018-11-02 21:19:48 |
|
| 2018-10-30 12:02:42 |
|
| 2018-10-12 00:20:30 |
|
| 2018-03-06 12:01:55 |
|
| 2016-06-28 17:22:02 |
|
| 2016-04-26 18:05:48 |
|
| 2014-02-17 10:47:31 |
|
| 2013-05-11 00:31:59 |
|
