In association with heise online

19 October 2006, 15:16

Adobe confirms security vulnerability in Flash Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Using prepared Flash files placed on websites, attackers could manipulate http headers and carry out http request splitting attacks in the Adobe Flash Player. Abode confirms, in response to a security advisory from Rapid7, that this would enable an attacker to disable internet applications or insert commands into these applications.

Adobe Flash Player versions 9.x, 8.x and 7.x for all platforms are affected. Flash Player versions 6 and older and the current 9.x Beta version do not contain the bug. According to reports, Adobe is already working on a solution. Until then, users should either update the Flash plugin to the latest Beta version, uninstall it or only permit trusted sites to use Flash.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit