Adobe Systems is planning to patch a critical vulnerability Oct. 28 in response to the appearance of attacks.
Adobe originally issued an advisory on the bug Oct. 21. The vulnerability exists in Shockwave Player 126.96.36.1992 and earlier, and affects both Windows and Macintosh computers.
Attackers can exploit the issue to cause a crash and allow an attacker to take control of a vulnerable system, Adobe warned. Though Adobe initially said it had not seen any attacks, an updated advisory released Oct. 27 reports that the vulnerability is now being targeted.
According to Secunia, the vulnerability is caused by "an array-indexing error in the handling of a certain record value in a 'rcsL' chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file."
Secunia advised Shockwave Player users to avoid untrusted Websites, while Adobe recommended that users ensure that their machines are fully patched.