Security vulnerabilities in the Adobe Flash Player product shipped with Solaris 10 may allow remote users who create applications that are viewed with the Flash Player to generate unauthorized HTTP requests from the affected host by inserting arbitrary HTTP headers. This could assist in activities such as HTTP Request Splitting attacks.

These issues are described in the following documents:

• APSB06-18 at: http://www.adobe.com/support/security/bulletins/apsb06-18.html
• CVE-2006-5330 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5330

These issues can occur in the following releases:

SPARC Platform

• Solaris 10 without patch 125332-01

x86 Platform

• Solaris 10 without patch 125333-01

Note 1: Solaris 8 and Solaris 9 are not affected by this issue.

Note 2: This issue can occur in Adobe Flash Player 7.x for Solaris 10 prior to 7.0 r67

The Adobe Flash Player shipped with Solaris 10 is a Web Browser plugin, meaning that the Web Browser should be used to determine the version of the Flash Player in use. For example, when using the Mozilla Browser, visit the following URL:

    about:plugins

and search for the Flash Player in the list of plugins.

There are no predictable symptoms that would indicate the described issues have been exploited.

There is no workaround for this issue, please see the resolution section below.

This issue is addressed in the following releases:

SPARC Platform

• Solaris 10 with patch 125332-01 or later

x86 Platform

• Solaris 10 with patch 125333-01 or later

Note: The above listed patches will upgrade the Flash Player to version 7.0 r67.

This solution has no attachment