CVE-2008-5363
Description
The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.
Risk Information
Base Score
6.5
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
3.642
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Upgrade Adobe flash player 10.0.0.584 to latest version | Windows |
| Upgrade air 1.1 to latest version | Windows |
| Vulnerabilities CVE-2008-4546,CVE-2008-4824,CVE-2008-5361,CVE-2008-5362,CVE-2008-5363 are affected in Adobe Flash Player Plugin 10.0.12.10 | Windows |
| Vulnerabilities CVE-2008-4546,CVE-2008-4824,CVE-2008-5361,CVE-2008-5362,CVE-2008-5363 are affected in Adobe Flash Player PPAPI 10.0.12.10 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234