Adobe Security Bulletin APSB06-18 – Vulnerabilities in Flash Player

Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player
Release date: November 14, 2006
Vulnerability identifier: APSB06-18
CVE number: CVE-2006-5330
Platform: All Platforms


Summary


Adobe has provided a Flash Player 9 update to resolve vulnerabilities in Flash Player. These vulnerabilities would allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks.
Affected software versions


Adobe Flash Player 9.x, 8.x, and 7.x. The custom-header addition feature was added starting with Adobe Flash Player 7, thus Flash Player 6 and earlier are not affected.


Solution


Adobe recommends all users of Adobe Flash Player 9.0.20.0 and earlier versions upgrade to the newest version 9.0.28.0, by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.


For customers who cannot upgrade to Adobe Flash Player 9, Adobe is working on updates to previous versions that will resolve this issue


http://www.adobe.com/support/security/bulletins/apsb06-18.html

Leave a Reply