CVE-2006-5330 Information

Description

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

Reference

http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
http://secunia.com/advisories/22467
http://secunia.com/advisories/23324
http://secunia.com/advisories/23581
http://secunia.com/advisories/24479
http://secunia.com/advisories/25467
http://securityreason.com/securityalert/1737
http://securitytracker.com/id?1017078
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
http://www.adobe.com/support/security/advisories/apsa06-01.html
http://www.adobe.com/support/security/bulletins/apsb06-18.html
http://www.osvdb.org/29863
http://www.rapid7.com/advisories/R7-0026.jsp
http://www.redhat.com/support/errata/RHSA-2007-0009.html
http://www.securityfocus.com/archive/1/448997/100/0/threaded
http://www.securityfocus.com/bid/20592
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2006/4094
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/1999
https://exchange.xforce.ibmcloud.com/vulnerabilities/29634
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11405
