CVE-2006-5330Cross-site Scripting in Adobe Flash Player

CWE-79Cross-site Scripting5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
17.4%
top 4.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Flash Player
Timeline
PublishedOct 17
Latest updateMay 1

Description

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDadobe/flash_player7.0.63+3

🔴Vulnerability Details

1
GHSA
GHSA-q79c-rmvv-p2vj: CRLF injection vulnerability in Adobe Flash Player plugin 92022-05-01

📋Vendor Advisories

1
Red Hat
security flaw2006-10-17

💬Community

2
Bugzilla
CVE-2006-5330 security flaw2018-08-16
Bugzilla
CVE-2006-5330 Flash Player HTTP header injection2006-12-08