Adobe released patches for five vulnerabilities this week, addressing critical issues discovered in its Shockwave Player. According to Adobe, Shockwave Player versions 11.5.1.601 and earlier are impacted.
Nicolas Joly, of VUPEN Security, discovered all but one of the five vulnerabilities disclosed by Adobe. The first one, according to a VUPEN Security advisory, centers on an invalid index when handling certain Shockwave content. Joly discovered that, if exploited, it leads to code execution via a specially crafted page.
The other three issues include two separate fixes for invalid pointers and memory corruption related to string processing. In each of the three vulnerabilities, exploitation leads to code execution. The fifth vulnerability is a boundary condition that could lead to denial of service.
In June, Adobe fixed a similar vulnerability that allowed remote control over vulnerable systems. Fixing that flaw required a complete uninstallation of Shockwave Player and, after a reboot, a reinstallation of version 11.5.0.600. One month later, three more flaws were patched because of issues discovered in the Microsoft Active Template Library (ATL).
Adobe recommends Shockwave Player users install Shockwave Player version 11.5.2.602.