Flash Player HTTP Header CRLF Injection (APSB06-18)
Medium Nessus Plugin ID 23869
SynopsisThe remote Windows host contains a browser plugin that is affected by multiple HTTP header injection issues.
DescriptionAccording to its version number, the instance of Flash Player on the remote Windows host contains two ways for a remote attacker to perform arbitrary HTTP requests while controlling most of the HTTP headers. A remote attacker may be able to leverage these issues to conduct cross-site request forgery attacks against a user who visits a malicious website.
SolutionUpgrade to Flash Player version 18.104.22.168 / 22.214.171.124 / 126.96.36.199 or later.