Vulnerability Name: CVE-2008-5361 (CCN-47243)
Assigned: 2008-11-17
Published: 2008-11-17
Updated: 2018-11-08
Summary: The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None

CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
  3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

  4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
  3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

Vulnerability Type: CWE-399
Vulnerability Consequences: Obtain Information

References:
  Source: MITRE | Type: CNA | CVE-2008-5361
  Source: CCN | Type: RHSA-2008-0945 | Important: flash-plugin security update
  Source: CCN | Type: RHSA-2008-0980 | Important: flash-plugin security update
  Source: SECUNIA | Type: Third Party Advisory | 33390
  Source: SECUNIA | Type: Third Party Advisory | 34226
  Source: GENTOO | Type: Third Party Advisory | GLSA-200903-23
  Source: SREASON | Type: Third Party Advisory | 4692
  Source: SUNALERT | Type: Broken Link | 248586
  Source: CCN | Type: Sun Alert ID: 248586 | Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris
  Source: CONFIRM | Type: Third Party Advisory | http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm
  Source: CCN | Type: ASA-2009-020 | Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris (Sun 248586)
  Source: CCN | Type: NORTEL BULLETIN ID: 2009009312, Rev 1 | Nortel Response to Sun Alert 248586 - Multiple Security Vulnerabilities in the Flash Player Plugin for Solaris
  Source: CCN | Type: Adobe Product Security Bulletin APSB08-22 | Additional disclosure of security vulnerabilities fixed in Flash Player 10.0.12.36 and Flash Player 9.0.151.0
  Source: MISC | Type: Patch, Vendor Advisory | http://www.adobe.com/support/security/bulletins/apsb08-22.html
  Source: CCN | Type: GLSA-200903-23 | Adobe Flash Player: Multiple vulnerabilities
  Source: MISC | Type: Third Party Advisory | http://www.isecpartners.com/advisories/2008-01-flash.txt
  Source: CCN | Type: OSVDB ID: 51491 | Adobe Flash Player ActionScript 2 VM Crafted PDF File Handling Multiple Action Memory Disclosure
  Source: BUGTRAQ | Type: Third Party Advisory, VDB Entry | 20081122 Adobe Flash Multiple Vulnerabilities
  Source: XF | Type: UNKNOWN | air-flashplayer-actionscript-info-disclosure(47243)
  Source: CCN | Type: iSEC Partners Security Advisory - 2008-01-flash | Adobe Flash Multiple Vulnerabilities

Vulnerable Configuration:

Configuration 1:
  cpe:/a:adobe:air:*:*:*:*:*:*:*:* (Version < 1.5)
  OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 9.0.16.0 and < 9.0.151.0)
  OR cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version >= 10 and < 10.0.12.36)

Configuration RedHat 1:
  cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:
  cpe:/a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:air:1.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.28.0::mac_os_x:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.0.16::windows:*:*:*:*:*
  OR cpe:/a:adobe:air:1.1:*:*:*:*:*:*:*
  OR cpe:/a:adobe:air:1.01:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
  OR cpe:/a:adobe:flash_player:9.125.0:*:*:*:*:*:*:*
  AND
  cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  OR cpe:/a:redhat:rhel_extras:3:*:*:*:*:*:*:*
  OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_89::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_89::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_95::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_95::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_88::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_88::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_87::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_86::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_86::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_87::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_100::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_100::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_102::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_102::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_91::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_91::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_90::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_90::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_101::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_101::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_92::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_93::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_94::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_99::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_98::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_97::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_96::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_94::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_93::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_99::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_97::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_98::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_96::x86:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_103::sparc:*:*:*:*:*
  OR cpe:/o:sun:opensolaris:build_snv_103::x86:*:*:*:*:*