Adobe Flash Player prior to 9.0.277.0 and 10.x prior to 10.1.53.64, and Adobe AIR prior to 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash player 9.0.45.0 |
||
adobe flash player 10.0.12.10 |
||
adobe flash player 9.0.115.0 |
||
adobe flash player 9.0.112.0 |