Adobe Flash Player HTTP Header CRLF Injection

2006-10-17T10:33:42
ID OSVDB:29863
Type osvdb
Reporter Marc Bevand
Modified 2006-10-17T10:33:42

Description

Vulnerability Description

Flash Player contains a flaw related to the sanitization of input passed to the XML.addRequestHeader function and the XML.contentType attribute. Successful exploitation of this vulnerability would allow an attacker to perform cross-site request forgery, thus bypassing normal domain security measures. No further details have been provided.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor Specific Advisory URL
Security Tracker: 1017078
Secunia Advisory ID: 23324
Secunia Advisory ID: 22467
Secunia Advisory ID: 23581
Secunia Advisory ID: 25467
RedHat RHSA: RHSA-2007:0009
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
Other Advisory URL: http://www.rapid7.com/advisories/R7-0026.jsp
Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0348.html
Mail List Post: http://www.securityfocus.com/archive/1/archive/1/448997/100/0/threaded
ISS X-Force ID: 29634
FrSIRT Advisory: ADV-2006-4094
CVE-2006-5330
Bugtraq ID: 20592