January 20, 2010, 10:49AM
Critical Flaws Haunt Adobe Shockwave Player
Comment 
Adobe's run on the patching treadmill continued this week with a "critical" update to fix a pair of code execution holes in its Shockwave Player.
The vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions, on the Windows and Mac operating systems.
According to an Adobe advisory, an attacker who successfully exploits the vulnerabilities could run malicious code on the affected system.
- This update resolves a buffer overflow vulnerability that could potentially lead to code execution (CVE-2009-4002).
- This update resolves multiple integer overflow vulnerabilities that could potentially lead to code execution (CVE-2009-4003).
Adobe recommends Shockwave Player users uninstall Shockwave version 11.5.2.602 and earlier on their systems, restart their systems, and install Shockwave version 11.5.6.606.
Adobe says more than 450 million Internet-enabled desktops have installed Adobe Shockwave Player.
Recommended Reads
Commenting on this Article is closed.
Today's Most Popular
Most Commented Stories
-
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit (8)
-
Twenty Something Asks Facebook For His File And Gets It - All 1,200 Pages (56)
-
Phony Temple Run Game For Android Plays On Android-iOS App Gap (3)
-
How Offensive Research Drives Down the Cost of Attacks (2)
-
Google Begins Security Review Process for Android Apps (2)
Newsletter Sign-up
Take Our Poll
Follow Threatpost
 |  |  |  |
| Tumblr |
