OSVDB ID: 29863

Title: Adobe Flash Player HTTP Header CRLF Injection

Dates

Disclosure: Oct 17, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

Flash Player contains a flaw related to the sanitization of input passed to the XML.addRequestHeader function and the XML.contentType attribute. Successful exploitation of this vulnerability would allow an attacker to perform cross-site request forgery, thus bypassing normal domain security measures. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Infrastructure
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Adobe Systems Incorporated

Flash Player

7.x
8.x
9.x

References

Credit

  • Marc Bevand - Rapid7


Direct URL: http://osvdb.org/29863