Secunia Security Advisory - Rapid7 has reported some vulnerabilities in Adobe Flash Player, which can be exploited by malicious people to bypass certain restrictions.
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following types of positions are available:
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Adobe Flash Player CRLF Injection Vulnerabilities
SECUNIA ADVISORY ID:
SA22467
VERIFY ADVISORY:
http://secunia.com/advisories/22467/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Adobe Flash Player 9.x
http://secunia.com/product/11901/
Macromedia Flash Player 7.x
http://secunia.com/product/2634/
Macromedia Flash Player 8.x
http://secunia.com/product/6153/
DESCRIPTION:
Rapid7 has reported some vulnerabilities in Adobe Flash Player, which
can be exploited by malicious people to bypass certain restrictions.
Input passed to the "XML.addRequestHeader()" ActionScript method
and the "XML.contentType" property is not properly sanitised before
being used to build the headers of an outgoing HTTP request. This can
be exploited to inject arbitrary HTTP headers into a request via CRLF
(carriage return / line feed) character sequences, bypassing the
restrictions the player places on outgoing requests.
Successful exploitation may, for example, make it easier to perform
CSRF (Cross-Site Request Forgery) attacks.
The vulnerabilities are reported in version 9.0.16 for Windows and
7.0.63 for Linux. According to the vendor, all current versions from
7.x through 9.x are affected.
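The following is an added example illustrating the vulnerability class described above; it is not code from the Secunia, Rapid7 or Adobe advisories and does not reproduce the Flash Player internals. It models a client that concatenates caller-supplied header values straight into the raw HTTP request (the pattern CRLF injection abuses), parses the result back the way a server would, and then shows the hardened alternative that rejects CR/LF before serialisation. The host "bank.example", the path "/api/transfer" and the injected "X-Requested-With" header are constructed for illustration; servers that treat such a custom header as proof that a request came from their own script are one common reason header injection makes CSRF easier, which is the editor's illustration of the advisory's CSRF remark, not a claim made by the advisory itself.

```javascript
// Added example, not code from the advisory or from Adobe Flash Player.
// Demonstrates how an unchecked CR/LF in a single header value turns
// into an extra header on the wire, and how to reject it.

const CRLF = "\r\n";

// Vulnerable pattern: header values are copied into the wire format
// with no check for CR/LF, so one "value" can terminate the header line
// and start a new one.
function serializeRequestUnsafe(method, path, host, headers) {
  let raw = `${method} ${path} HTTP/1.1${CRLF}Host: ${host}${CRLF}`;
  for (const [name, value] of headers) {
    raw += `${name}: ${value}${CRLF}`;
  }
  return raw + CRLF; // empty line ends the header block
}

// What the receiving server sees: split the header block on CRLF and
// read each line as "Name: value". Names are lower-cased for lookup.
function parseHeaderBlock(raw) {
  const [head] = raw.split(CRLF + CRLF);
  const lines = head.split(CRLF);
  const headers = {};
  for (const line of lines.slice(1)) { // lines[0] is the request line
    const idx = line.indexOf(":");
    if (idx === -1) continue;
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { requestLine: lines[0], headers };
}

// Hardened pattern: a header name must be an RFC 7230 token and a value
// must not contain CR, LF or other control characters (HTAB excepted).
// Reject rather than strip, so the caller learns the input was hostile.
const TOKEN = /^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/;
function validateHeader(name, value) {
  if (!TOKEN.test(name)) {
    throw new Error(`invalid header name: ${JSON.stringify(name)}`);
  }
  if (/[\x00-\x08\x0a-\x1f\x7f]/.test(value)) {
    throw new Error(`control character (CR/LF) in value of ${name}`);
  }
}

function serializeRequestSafe(method, path, host, headers) {
  for (const [name, value] of headers) validateHeader(name, value);
  return serializeRequestUnsafe(method, path, host, headers);
}

// Constructed attacker input: a Content-Type value that smuggles a
// second header line after a CRLF. "X-Requested-With" is hypothetical
// here, chosen because some servers use it as a CSRF signal.
const INJECTED_CONTENT_TYPE =
  "text/xml" + CRLF + "X-Requested-With: XMLHttpRequest";

// Runs both code paths and returns what the server would observe from
// the unsafe serializer and whether the safe one refused the input.
function demo() {
  const headers = [["Content-Type", INJECTED_CONTENT_TYPE]];
  const raw = serializeRequestUnsafe("POST", "/api/transfer", "bank.example", headers);
  const seen = parseHeaderBlock(raw);

  let rejected = false;
  try {
    serializeRequestSafe("POST", "/api/transfer", "bank.example", headers);
  } catch (e) {
    rejected = true;
  }
  return { seen, rejected };
}

// Stand-alone run: prints the server's view of the unsafe request and
// whether the hardened path rejected the injected value.
const result = demo();
console.log(result.seen.headers);
console.log("hardened serializer rejected input:", result.rejected);
```

The server-side parse shows the single caller-supplied "Content-Type" arriving as two distinct headers, which is exactly what allows a value that the client thought it controlled to add headers the client never intended to send. Validating at the point where the header is added (rather than trying to clean it up later) is the fix the vulnerable pattern needs.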
SOLUTION:
The vendor is currently working on a fixed version.
PROVIDED AND/OR DISCOVERED BY:
Marc Bevand, Rapid7.
ORIGINAL ADVISORY:
Adobe Systems:
http://www.adobe.com/support/security/advisories/apsa06-01.html
Rapid7:
http://www.rapid7.com/advisories/R7-0026.jsp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------