Adobe Flash Player Plugin HTTP Header Injection Weakness

Adobe Flash Player Plugin HTTP Header Injection Weakness

Adobe Flash Player Plugin is prone to a weakness that permits the injection of arbitrary HTTP headers because it fails to sanitize user-supplied input.

A successful attack may allow attackers to perform arbitrary HTTP requests facilitating cross-site request forgery, cross-site scripting, HTTP request smuggling, and other attacks.

Since this weakness would typically be used as one component in a larger attack scenario, the consequences of an attack will depend on the vulnerabilities exploited along with this weakness.

Version 9.0.16 for Windows and 7.0.63 for Linux are affected by this issue.