|
|
CVE Reference: CVE-2008-5362 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-5362 |
|
|
Description: The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file. |
|
|
CVE Status: Candidate |
|
|
References: SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 SREASON http://securityreason.com/securityalert/4692 SAID Secunia Advisory: SA33390 Secunia Advisory: SA34226 MISC http://www.isecpartners.com/advisories/2008-01-flash.txt http://www.adobe.com/support/security/bulletins/apsb08-22.html GENTOO http://security.gentoo.org/glsa/glsa-200903-23.xml CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/498561/100/0/threaded |
|
| Return to the previous page. |
