The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Link | Tags |
---|---|
http://www.securityfocus.com/archive/1/498561/100/0/threaded | mailing list, vdb entry, third party advisory |
http://secunia.com/advisories/33390 | third party advisory |
http://www.isecpartners.com/advisories/2008-01-flash.txt | third party advisory |
http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm | third party advisory |
http://www.adobe.com/support/security/bulletins/apsb08-22.html | patch, vendor advisory |
http://secunia.com/advisories/34226 | third party advisory |
http://securityreason.com/securityalert/4692 | third party advisory |
http://security.gentoo.org/glsa/glsa-200903-23.xml | third party advisory, vendor advisory |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1 | vendor advisory, broken link |