In association with heise online

23 October 2012, 17:09

Adobe fixes critical Shockwave vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Shockwave icon Numerous critical flaws in Shockwave, which could allow an attacker to inject malicious code into a system, have been closed by Adobe with the release of Shockwave Player for Windows and Macintosh systems. Overall, the vulnerabilities have six CVE numbers assigned to them (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-4176, CVE-2012-5273) and are mostly buffer overflows with one array out of bounds vulnerability.

Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as is possible, but notes there are no known Shockware exploits in the wild for these flaws.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit