flashplugin
Page content
- Author: voroskoi
- Vulnerable: 7.0r68-1siwenna1
- Unaffected: 9.0.31.0-1siwenna1
Rapid7 has reported some vulnerabilities in Adobe Flash Player, which can be exploited by malicious people to bypass certain restrictions. Input passed to the “XML.addRequestHeader()” ActionScript function and the “XML.contentType” attribute is not properly sanitised before being used. This can be exploited to bypass certain restrictions via CRLF character sequences and inject arbitrary HTTP headers in a request. Successful exploitation may e.g. make it easier to perform CSRF (Cross-Site Request Forgery) attacks.
- Bug Tracker URL: http://bugs.frugalware.org/task/1337