Adobe Systems issues a security advisory about a bug affecting Shockwave Player on both Windows and Mac machines.
Adobe Systems is warning users about a critical bug in Shockwave Player
that impacts both Macintosh and Windows computers.
issued an advisory
about the bug Oct. 21. According to Adobe, the
vulnerability exists in Shockwave Player 126.96.36.1992 and earlier, and could be
exploited to "cause a crash and potentially allow an attacker to take
control of the affected system."
At the moment, Adobe said it is "not aware of any attacks"
exploiting the bug, though "details about the vulnerability have been
A Secunia advisory about the
said it is caused by "an array-indexing error
in the handling of a certain record value in a 'rcsL' chunk and can be
exploited to use an arbitrary dword in memory as a function pointer via a
specially crafted Director file."
Secunia advised Shockwave Player users to avoid untrusted Websites, while
Adobe recommended that users ensure that their machines are fully patched.
"We are currently working on determining the schedule for an update to
address this vulnerability in Adobe Shockwave Player," Adobe's advisory
said. "As always, Adobe recommends that users follow security best
practices by keeping their anti-malware software and definitions up-to-date."
In part because of their ubiquity, Adobe products have become a major target
for attackers in recent years. To improve security, Adobe is
technology into Adobe Reader
for Windows. The update is scheduled to come
in the next few weeks.