CVE-2006-5330
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
17/10/2006
Last modified:
23/04/2026
Description
CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote attackers to modify HTTP headers of client requests and conduct HTTP Request Splitting attacks via CRLF sequences in arguments to the ActionScript functions (1) XML.addRequestHeader and (2) XML.contentType. NOTE: the flexibility of the attack varies depending on the type of web browser being used.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:flash_player:*:*:linux:*:*:*:*:* | 7.0.63 (including) | |
| cpe:2.3:a:adobe:flash_player:*:*:solaris:*:*:*:*:* | 7.0_r67 (including) | |
| cpe:2.3:a:adobe:flash_player:*:*:windows:*:*:*:*:* | 9.0.16 (including) | |
| cpe:2.3:a:adobe:flash_player:*:*:mac_os_x:*:*:*:*:* | 9.0.28.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
- http://secunia.com/advisories/22467
- http://secunia.com/advisories/23324
- http://secunia.com/advisories/23581
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/25467
- http://securityreason.com/securityalert/1737
- http://securitytracker.com/id?1017078
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
- http://www.adobe.com/support/security/advisories/apsa06-01.html
- http://www.adobe.com/support/security/bulletins/apsb06-18.html
- http://www.osvdb.org/29863
- http://www.rapid7.com/advisories/R7-0026.jsp
- http://www.redhat.com/support/errata/RHSA-2007-0009.html
- http://www.securityfocus.com/archive/1/448997/100/0/threaded
- http://www.securityfocus.com/bid/20592
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2006/4094
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2007/1999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29634
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://lists.suse.com/archive/suse-security-announce/2006-Dec/0006.html
- http://secunia.com/advisories/22467
- http://secunia.com/advisories/23324
- http://secunia.com/advisories/23581
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/25467
- http://securityreason.com/securityalert/1737
- http://securitytracker.com/id?1017078
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102932-1
- http://www.adobe.com/support/security/advisories/apsa06-01.html
- http://www.adobe.com/support/security/bulletins/apsb06-18.html
- http://www.osvdb.org/29863
- http://www.rapid7.com/advisories/R7-0026.jsp
- http://www.redhat.com/support/errata/RHSA-2007-0009.html
- http://www.securityfocus.com/archive/1/448997/100/0/threaded
- http://www.securityfocus.com/bid/20592
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2006/4094
- http://www.vupen.com/english/advisories/2007/0930
- http://www.vupen.com/english/advisories/2007/1999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29634
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11405