Adobe patch 18 critical holes in Shockwave Player
Adobe have released Adobe Shockwave Player 220.127.116.112 to close 18 critical holes on Windows and Mac OS X systems. The vulnerabilities, which mostly allow for remote code execution, exist in all versions up to and including Shockwave Player 18.104.22.1689.
The flaws include invalid memory seeking and corruption when processing Director movies and appear to all require a user to visit or open a web page containing a manipulated movie file, to be exploited. Some denial of service issues have been fixed, one of which may lead to arbitrary code execution, although Adobe have been unable to demonstrate it doing so. Adobe say the update is a critical update and recommend installation as soon as possible. The updated version of Shockwave Player is available to download.
- Security update available for Shockwave Player, advisory from Adobe.