June 24th, 2009

Critical Adobe Shockwave flaw affects millions

Posted by Ryan Naraine @ 9:41 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Malware, Patch Watch, Pen testing, Phishing, Rootkits, Viruses and Worms, Vulnerability research

Tags: Adobe Systems Inc., Shockwave, Shockwave Player, Security, Ryan Naraine

Adobe’s Shockwave Player contains a critical vulnerability that could be exploited by remote hackers to take complete control of Windows computers, according to a warning from the software maker.

The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions. Details from Adobe’s advisory:

This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system.  Adobe has provided a solution for the reported vulnerability (CVE-2009-1860).  This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content.  To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600, available here: http://get.adobe.com/shockwave/.  This issue is remotely exploitable.

Adobe boasts that 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
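
To triage an installed-software inventory against the version boundary in the advisory, compare versions numerically rather than as strings. The following is an added example, not code from Adobe or from the original post; the host names and the inventory rows are constructed, and the four-part dotted version format is an assumption.

```python
# Added example: flag Shockwave Player installs below the fixed build 11.5.0.600.
FIXED = (11, 5, 0, 600)  # first fixed build named in the advisory


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if the string is malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Map a version string to 'vulnerable', 'patched' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # do not guess; send these for manual review
    # Tuple comparison is numeric per component. A plain string comparison
    # would rank "9.0.0.383" above "11.5.0.600" and miss old installs.
    return "vulnerable" if version < FIXED else "patched"


def triage(inventory):
    """Group host names by status for a list of (host, version_text) rows."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed inventory rows (hypothetical hosts and sample version strings).
INVENTORY = [
    ("WS-001", "11.5.0.596"),
    ("WS-002", "11.5.0.600"),
    ("WS-003", "10.4.0.025"),
    ("WS-004", "9.0.0.383"),
    ("WS-005", "11.5.0"),  # truncated value, cannot be classified
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(status, hosts)
```

Hosts reported as vulnerable follow the advisory's remediation order: uninstall, restart, then install 11.5.0.600.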

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

