Critical Adobe Shockwave Player Vulnerability Surfaces

 
 
By Brian Prince  |  Posted 2010-10-22 Email Print this article Print
 
 
 
 
 
 
 

Adobe Systems issues a security advisory about a bug affecting Shockwave Player on both Windows and Mac machines.

Adobe Systems is warning users about a critical bug in Shockwave Player that impacts both Macintosh and Windows computers.

Adobe issued an advisory about the bug Oct. 21. According to Adobe, the vulnerability exists in Shockwave Player 11.5.8.612 and earlier, and could be exploited to "cause a crash and potentially allow an attacker to take control of the affected system."

At the moment, Adobe said it is "not aware of any attacks" exploiting the bug, though "details about the vulnerability have been disclosed publicly."

A Secunia advisory about the Shockwave vulnerability said it is caused by "an array-indexing error in the handling of a certain record value in a 'rcsL' chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file."

Secunia advised Shockwave Player users to avoid untrusted Websites, while Adobe recommended that users ensure that their machines are fully patched.

"We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player," Adobe's advisory said. "As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up-to-date."

In part because of their ubiquity, Adobe products have become a major target for attackers in recent years. To improve security, Adobe is introducing sandboxing technology into Adobe Reader for Windows. The update is scheduled to come in the next few weeks.

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel