Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player
Release date: November 14, 2006
Vulnerability identifier: APSB06-18
CVE number: CVE-2006-5330
Platform: All Platforms
Adobe has provided a Flash Player 9 update to resolve vulnerabilities in Flash Player. These vulnerabilities would allow remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks.
Affected software versions
Adobe Flash Player 9.x, 8.x, and 7.x. The custom-header addition feature was added starting with Adobe Flash Player 7, thus Flash Player 6 and earlier are not affected.
Adobe recommends all users of Adobe Flash Player 220.127.116.11 and earlier versions upgrade to the newest version 18.104.22.168, by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.
For customers who cannot upgrade to Adobe Flash Player 9, Adobe is working on updates to previous versions that will resolve this issue