Adobe updates Shockwave for 5 critical vulnerabilities
From the 'Shocking Updates' files:
Adobe Shockwave users, it's time to update.
Adobe has issued an updated version of its Shockwave Player to address 5 critical vulnerabilities. The flaws affect Adobe Shockwave Player
220.127.116.111 and prior versions. The new version is numbered 18.104.22.1682.
"The vulnerabilities could allow an
attacker, who successfully exploits the vulnerabilities, to run
malicious code on the affected system," Adobe stated in its advisory.
Arbitrary code execution is also the potential end result for two of the other flaws fixed by Adobe in this new Shockwave update. There is an invalid index issue that could also lead to code execution vulnerabilities. As well there is an invalid string length vulnerability
that has now been addressed.
A potential Denial of Service (DoS) attack vector is fixed in the Shockwave Player 22.214.171.1242 release thanks to a fix for a boundary condition issue.
The Shockwave Player 126.96.36.1992 is the third security update for the Adobe product this year.
In June, Adobe issued the 188.8.131.520 update fixing a critical zero day flaw. That update was followed in July with the 184.108.40.2061 update which was related to Microsoft's Active Template Library (ATL) fixes made at the same time.