
Tuesday, October 17, 2006
Vulnerabilities Discovered in Adobe Flash Player Plugin


These vulnerabilities could be used in concert with cross-site request forgery (CSRF) vulnerabilities to steal cookies or other private information

Two vulnerabilities found in Adobe Flash Player allow attackers to send arbitrary HTTP requests from an unsuspecting user's browser, reports Rapid7 LLC in a security advisory published today (see http://www.rapid7.com/advisories/R7-0026.jsp). Adobe Flash Player version 9.0.16 for Windows and version 7.0.63 for Linux, as well as earlier versions, are affected.

The vulnerabilities can be exploited when Flash is used with the following browser/operating system combinations:

- Internet Explorer (IE) 6 Service Pack 2 (IE 6, Security Version 1) for Windows (with Flash 9.0.16)

- Firefox 1.5.0.6 for Windows (with Flash 9.0.16)

- Firefox 1.5.0.6 for Linux (with Flash 7.0.63)

The two vulnerabilities reported are as follows:

XML.addRequestHeader() Vulnerability

The addRequestHeader() method does not adequately enforce the security restriction that prevents developers from using it to set headers such as Host, Referer or Content-Length. As a result, it is possible to inject arbitrary headers into HTTP requests. The Rapid7 security paper points out that this vulnerability is similar to other, previously reported vulnerabilities in Adobe Flash 7 and 8.

XML.contentType Vulnerability

The XML.contentType attribute contains the same vulnerability found in addRequestHeader(), and it can be exploited in the same way because Adobe Flash does not check the validity of the attribute's value before building the HTTP request.
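
The article says the header restriction could be bypassed and that the contentType value was not validated before the request was built, without describing how. The following JavaScript (Node.js) code is an added example, not code from Rapid7 or Adobe, showing the checks a client needs before it serializes caller-supplied headers; `checkHeader`, `buildRequest` and all sample values are hypothetical.

```javascript
// Added example: validate header names and values before serializing a request.
// RESTRICTED holds only the three names the article lists (assumption: a real
// client blocks more names than these).
const RESTRICTED = new Set(["host", "referer", "content-length"]);
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;   // RFC 7230 header-name grammar
const UNSAFE_VALUE = /[\x00-\x08\x0A-\x1F\x7F]/;  // control chars, incl. CR and LF

function checkHeader(name, value) {
  if (typeof name !== "string" || !TOKEN.test(name)) {
    throw new Error("invalid header name");
  }
  // Compare case-insensitively so "HOST" or "hOsT" cannot slip past the list.
  if (RESTRICTED.has(name.toLowerCase())) {
    throw new Error("restricted header: " + name);
  }
  if (typeof value !== "string" || UNSAFE_VALUE.test(value)) {
    throw new Error("invalid value for " + name);
  }
  return [name, value.trim()];
}

// Hypothetical request builder. contentType goes through the same check as
// any other caller-supplied value instead of being trusted as a property.
function buildRequest(path, host, body, contentType, extraHeaders) {
  if (!/^\/[\x21-\x7E]*$/.test(path)) throw new Error("invalid path");
  const lines = ["POST " + path + " HTTP/1.1", "Host: " + host];
  const [, ct] = checkHeader("Content-Type", contentType);
  lines.push("Content-Type: " + ct);
  for (const [n, v] of Object.entries(extraHeaders || {})) {
    const [name, value] = checkHeader(n, v);
    if (name.toLowerCase() === "content-type") throw new Error("duplicate Content-Type");
    lines.push(name + ": " + value);
  }
  // Length is computed by the client, never taken from the caller.
  lines.push("Content-Length: " + Buffer.byteLength(body, "utf8"));
  return lines.join("\r\n") + "\r\n\r\n" + body;
}
```

The restricted-name comparison and the control-character check apply to every caller-controlled string that ends up in the request head, which is why the content type is routed through `checkHeader` as well.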

According to Rapid7, Adobe was notified of the vulnerabilities but has not yet released a fix or upgrade to Adobe Flash Player. To reduce the risk of attack, Rapid7 offers four solutions in the interim:

- Upgrade to the beta version (Flash Player 9.0.18d60 for Windows), which is fixed;

- Only allow trusted Websites to use Flash;

- Use alternative Flash Plugins (GplFlash, Gnash);

- Uninstall Adobe Flash Player.

According to Adobe, there are 700 million Adobe Flash users worldwide.

