PT-2006-6051 · Adobe · Flash Player

Marc Bevand · Published 2006-10-17 · Updated 2018-10-17 · CVE-2006-5330

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player plugin versions 9.0.16 and earlier for Windows
Adobe Flash Player plugin versions 7.0.63 and earlier for Linux
Adobe Flash Player plugin versions 7.x before 7.0 r67 for Solaris
Adobe Flash Player plugin versions before 9.0.28.0 for Mac OS X

Description

The issue allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions XML.addRequestHeader and XML.contentType. The flexibility of the attack varies depending on the type of web browser being used.

Recommendations

For Adobe Flash Player plugin version 9.0.16 and earlier for Windows, update to a version later than 9.0.16.
For Adobe Flash Player plugin version 7.0.63 and earlier for Linux, update to a version later than 7.0.63.
For Adobe Flash Player plugin version 7.x before 7.0 r67 for Solaris, update to version 7.0 r67 or later.
For Adobe Flash Player plugin version before 9.0.28.0 for Mac OS X, update to version 9.0.28.0 or later.
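
The header injection described under Description, shown as an added example (not Adobe's code and not part of this advisory): a JavaScript model of a client API that serializes caller-supplied header names and values, first verbatim and then with CR/LF validation. All function names and the sample header value are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical client-side request builder, not Flash Player code.

// Verbatim serializer: caller-supplied names and values go straight onto the wire.
function serializeNaive(method, path, host, headers) {
  let out = `${method} ${path} HTTP/1.1\r\nHost: ${host}\r\n`;
  for (const [name, value] of headers) out += `${name}: ${value}\r\n`;
  return out + "\r\n";
}

// Field names must be HTTP "token" characters (RFC 7230).
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Field values must not carry CR, LF, NUL or other control bytes (HTAB allowed).
const BAD_VALUE = /[\x00-\x08\x0A-\x1F\x7F]/;

// Reject anything that could terminate the header line early.
function checkHeader(name, value) {
  if (!TOKEN.test(name)) {
    throw new Error(`invalid header name: ${JSON.stringify(name)}`);
  }
  if (BAD_VALUE.test(value)) {
    throw new Error(`control character in value of ${name}`);
  }
}

// Hardened serializer: validate every pair before emitting any bytes.
function serializeStrict(method, path, host, headers) {
  for (const [name, value] of headers) checkHeader(name, String(value));
  return serializeNaive(method, path, host, headers);
}

// Receiver's view: split the request head into its header lines.
function parseHead(raw) {
  const end = raw.indexOf("\r\n\r\n");
  const lines = raw.slice(0, end).split("\r\n");
  return { requestLine: lines[0], headers: lines.slice(1) };
}

// Constructed sample: one logical header whose value embeds a CRLF.
const SAMPLE = [["Content-Type", "text/xml\r\nX-Injected: 1"]];

// Returns how many header lines the receiver sees for the one header supplied.
function headerLinesSeen(serialize, headers) {
  return parseHead(serialize("POST", "/api", "example.test", headers)).headers.length;
}
```

With the verbatim serializer the receiver sees three header lines (Host, Content-Type, X-Injected) for a single supplied header; the strict serializer throws before any bytes are produced.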

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2006-5330
RHSA-2007:0009

Affected Products

Flash Player