Adobe updates Shockwave for 5 critical vulnerabilities


From the ‘Shocking Updates‘ files:

Adobe Shockwave users, it’s time to update.

Adobe has issued an updated version of its Shockwave Player to address 5 critical vulnerabilities. The flaws affect  Adobe Shockwave Player and prior versions. The new version is numbered

“The vulnerabilities could allow an
attacker, who successfully exploits the vulnerabilities, to run
malicious code on the affected system,” Adobe stated in its

Two of the vulnerabilities deal with invalid pointer issues that could lead to arbitrary code execution.

Arbitrary code execution is also the potential end result for two of the other flaws fixed by Adobe in this new Shockwave update. There is an invalid index issue that could also lead to code execution vulnerabilities. As well there is an invalid string length vulnerability
that has now been addressed.

A potential Denial of Service (DoS) attack vector is fixed in the Shockwave Player release thanks to a fix for a boundary condition issue.

The  Shockwave Player is the third security update for the Adobe product this year.

In June, Adobe issued the update fixing a critical zero day flaw. That update was followed in July with the update which was related to Microsoft’s Active Template Library (ATL) fixes made at the same time.

News Around the Web