Adobe fixes critical Shockwave vulnerabilities
Numerous critical flaws in Shockwave, which could allow an attacker to inject malicious code into a system, have been closed by Adobe with the release of Shockwave Player 11.6.8.638 for Windows and Macintosh systems. Overall, the vulnerabilities have six CVE numbers assigned to them (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-4176, CVE-2012-5273) and are mostly buffer overflows with one array out of bounds vulnerability.
Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as is possible, but notes there are no known Shockware exploits in the wild for these flaws.
(djwm)