CVE-2006-5330 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-5330
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-5330

Description: CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/29634 SUSE http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1 ST 1017078 SREASON http://securityreason.com/securityalert/1737 SAID Secunia Advisory: SA23324 Secunia Advisory: SA23581 Secunia Advisory: SA24479 Secunia Advisory: SA22467 Secunia Advisory: SA25467 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0009.html OSVDB 29863 MISC http://www.rapid7.com/advisories/R7-0026.jsp CONFIRM http://docs.info.apple.com/article.html?artnum=305214 http://www.adobe.com/support/security/advisories/apsa06-01.html http://www.adobe.com/support/security/bulletins/apsb06-18.html CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/448997/100/0/threaded BID 20592 APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Return to the previous page.