Adobe patches critical vulnerabilities in Shockwave Player
Adobe has released an update to its Shockwave Player to address five critical vulnerabilities, four of which could allow an attacker to inject and execute malicious code on affected systems. The vulnerabilities were discovered by the French security services provider VUPEN Security and, for an attack to be successful, a victim must first visit a specially crafted site. Adobe Shockwave Player versions up to and including 11.5.2.601 are affected. Version 11.5.2.602 addresses the issues and is available to download for Windows and Mac OS X. Adobe recommends that all users update to the latest release as soon as possible.
The Adobe Shockwave Player is a quasi big brother of the Flash Player and includes a much wider range of functions. Typically, it's used for more complex, interactive presentations, games and other applications. It's likely that most users only have the Adobe Flash Player installed, which is reportedly not affected. Installing the Shockwave Player automatically installs Adobe's Flash Player.
See also:
- Adobe Shockwave Player Multiple Code Execution Vulnerabilities, advisory from VUPEN.
- Security updates available for Shockwave Player, security bulletin from Adobe.
(crve)