Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Adobe Flash update available

Published: 2006-11-14
Last Updated: 2006-11-14 23:58:33 UTC
by Swa Frantzen (Version: 2)
0 comment(s)
Adobe has relased an update for a vulnerability in their Flash player.

CVE number is CVE-2006-5330, which isn't included in this month's MS06-069 adobe update from Microsoft.

http://www.adobe.com/support/security/bulletins/apsb06-18.html

Yet another thing to patch in the next few days.

Affected versions include 9.x, 8.x and 7.x .

If -after reading the adobe announcement are left wondering what modified HTTP headers of client requests can do to cause HTTP Request Splitting attacks, or what those are to start with, take a look at e.g.:
http://en.wikipedia.org/wiki/HTTP_Response_splitting

--
Swa Frantzen -- Section 66
Keywords: adobe flash
0 comment(s)
Diary Archives