Adobe Patches Memory Corruption Flaw in Shockwave

Adobe updated its Shockwave Player, patching a critical memory corruption vulnerability in the software.

Adobe today updated Shockwave player, patching one privately disclosed memory corruption vulnerability in the software.

Adobe gave the vulnerability, CVE-2015-7649, its highest criticality rating, though there are no known public exploits for this flaw.

The vulnerability, Adobe said, could allow an attacker to remotely execute code and take control over the vulnerable machine.

The flaw affects Windows and Macintosh versions of Shockwave 12.2.0.162 and earlier, and users are urged to update to 12.2.1.171.

Adobe last updated Shockwave in September when it patched two critical vulnerabilities, both of which were memory corruption issues similar to today’s update.

Suggested articles

Discussion

  • Shirley Wright on

    I checked for vulnerabilities & i came up with 4 applications: 2 for Adobe Flash Player 1 for Shockwave Flash & 1 for Adobe Reader..checked my programs list..I only found Adobe reader installed 6/13/2013. Is Shockwave & Adobe Flashplayer included in reader? clicking on details brings up Secure list which has article about problem with Shockwave that indicates need for an update. What do I do ?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.