Adobe Shockwave Player Patch Coming Oct. 28

 
 
By Brian Prince  |  Posted 2010-10-27 Email Print this article Print
 
 
 
 
 
 
 

Adobe is prepping a patch for a security bug in Shockwave Player that is now under attack.

Adobe Systems is planning to patch a critical vulnerability Oct. 28 in response to the appearance of attacks.

Adobe originally issued an advisory on the bug Oct. 21. The vulnerability exists in Shockwave Player 11.5.8.612 and earlier, and affects both Windows and Macintosh computers.

Attackers can exploit the issue to cause a crash and allow an attacker to take control of a vulnerable system, Adobe warned. Though Adobe initially said it had not seen any attacks, an updated advisory released Oct. 27 reports that the vulnerability is now being targeted.

According to Secunia, the vulnerability is caused by "an array-indexing error in the handling of a certain record value in a 'rcsL' chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file."

Secunia advised Shockwave Player users to avoid untrusted Websites, while Adobe recommended that users ensure that their machines are fully patched.


 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel