Adobe updates Shockwave for 5 critical vulnerabilities
From the 'Shocking Updates' files:
Adobe Shockwave users, it's time to update.
Adobe has issued an updated version of its Shockwave Player to address 5 critical vulnerabilities. The flaws affect Adobe Shockwave Player
126.96.36.1991 and prior versions. The new version is numbered 188.8.131.522.
"The vulnerabilities could allow an
attacker, who successfully exploits the vulnerabilities, to run
malicious code on the affected system," Adobe stated in its advisory.
Arbitrary code execution is also the potential end result for two of the other flaws fixed by Adobe in this new Shockwave update. There is an invalid index issue that could also lead to code execution vulnerabilities. As well there is an invalid string length vulnerability
that has now been addressed.
A potential Denial of Service (DoS) attack vector is fixed in the Shockwave Player 184.108.40.2062 release thanks to a fix for a boundary condition issue.
The Shockwave Player 220.127.116.112 is the third security update for the Adobe product this year.
In June, Adobe issued the 18.104.22.1680 update fixing a critical zero day flaw. That update was followed in July with the 22.214.171.1241 update which was related to Microsoft's Active Template Library (ATL) fixes made at the same time.