On CBS MoneyWatch: What Not to Buy at Walmart
BNET Business Network:
BNET
TechRepublic
ZDNet

November 3rd, 2009

Adobe Shockwave haunted by critical security holes

Posted by Ryan Naraine @ 12:12 pm

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code, Flash, Malware, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Viruses and Worms, Vulnerability research

Tags: Adobe Systems Inc., Shockwave, Vulnerability, Shockwave Player, Security, Ryan Naraine

Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.

The update, which is rated “critical,” addresses a total of five documented vulnerabilities.  The most serious flaw could allow remote code execution attacks against Windows and Mac users.
From Adobe’s bulletin:

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.

The update applies to Shockwave Player 11.5.1.601 and earlier versions.  Adobe’s patch can be downloaded here.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 25 Talkback(s)
Honeymonster, do you even know what Shockwave is?
It's a browser plugin. So yes of course it's ran
in a browser. What's your point? (Read the rest)
Posted by: AzuMao Posted on: 11/06/09 You are currently: a Guest | | Terms of Use
Adobe Shockwave haunted by critical security holes  the_fiddler_on_the_roof | 11/03/09
Shockware would be no different than let me say Active X.  Intellihence | 11/03/09
Oh there's another 'winner' right there...  Wintel BSOD | 11/03/09
No way. This crap is bad, but it doesn't touch ActiveX's level of fail.  AzuMao | 11/04/09
Wow  AzuMao | 11/03/09
You sir are a card of the same deck.  Intellihence | 11/03/09
It's all Apple's fault  Wintel BSOD | 11/03/09
How does it feel hitting  Stan57 | 11/03/09
Do you have problems reading?  AzuMao | 11/04/09
Only people using Windows or Mac are affected  honeymonster | 11/04/09
Re. There is no Shockwave.  Bilmekanikeren | 11/04/09
Didn't take you long...  Wintel BSOD | 11/04/09
Apple?  honeymonster | 11/04/09
Explanation  AzuMao | 11/05/09
If you don't know by now...  Wintel BSOD | 11/05/09
Do you have any point whatsoever?  AzuMao | 11/04/09
Yes, a big plus for Linux is that it has  honeymonster | 11/05/09
Bzzzt, try again.  AzuMao | 11/05/09
Bzzzt. Try again  honeymonster | 11/05/09
I would disagree!  vilppuu@... | 11/06/09
Honeymonster, do you even know what Shockwave is?  AzuMao | 11/06/09
Dear Adobe...  Agnostic_OS | 11/04/09
RE: Adobe Shockwave haunted by critical security holes  Rick_H | 11/04/09
RE: Adobe Shockwave haunted by critical security holes  anovelo | 11/04/09
Dear every other software maker,  AzuMao | 11/04/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here