In association with heise online

12 May 2010, 10:56

Adobe patches 18 holes in Shockwave Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Logo Adobe has released update for its Shockwave Player. The update fixes 18 security vulnerabilities, 17 of which Adobe classes as critical, as they allow crafted websites to inject and execute code. The problems are caused by buffer and integer overflows and memory errors in a range of functions for processing.

Shockwave Player offers additional features over and above those offered by Flash Player. It is typically used to display more complex and interactive presentations, games and other applications and, like Flash Player, is available as a browser plug-in. Adobe's naming convention (the Firefox Flash Player plug-in is called "Shockwave Flash") is the cause of some confusion among users. The majority of users just have Flash Player and are not affected by the vulnerabilities. However, Adobe's install for Shockwave always installs Flash Player alongside the Shockwave Player. A test to check whether Shockwave is installed is available online: Test Adobe Shockwave Player.

Adobe has also released security fixes for ColdFusion (8.0, 8.0.1, 9.0 on all supported operating systems) which fix two cross-site scripting vulnerabilities and a data leak.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit