A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player, including CVE-2010-3653, referenced in Security Advisory APSA10-04. Adobe recommends users of Adobe Shockwave Player 11.5.8.612 and earlier versions update to Adobe Shockwave Player 11.5.9.615 using the instructions provided in the Security Bulletin.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Advisory (APSA10-04) has been posted in regards to a new Adobe Shockwave Player issue (CVE-2010-3653). A critical vulnerability exists in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system. While details about the vulnerability have been disclosed publicly, Adobe is not aware of any attacks exploiting this vulnerability against Adobe Shockwave Player to date.
We will continue to provide updates on this issue via the Security Advisory section of the Adobe website as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player. Adobe recommends users of Adobe Shockwave Player 11.5.7.609 and earlier versions update to Adobe Shockwave Player 11.5.8.612, using the instructions provided in the Security Bulletin.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin was posted today addressing critical security issues in Adobe Shockwave Player.
This posting is provided “AS IS” with no warranties and confers no rights.
We evaluated the impact of the vulnerable versions of the Microsoft Active Template Library (ATL) / CVE-2009-0901, CVE-2009-2495, CVE-2009-2493 / Microsoft Security Advisory (973882) on the Adobe product portfolio. We determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL. A Security Advisory for Flash Player and a Security Bulletin for Shockwave Player have been posted to our security bulletins and advisories page.
PSIRT has determined that the Adobe Reader browser plug-in for Internet Explorer, Connect Pro, Flash Lite for mobile devices, LiveCycle SAP Forms and other products are NOT vulnerable to CVE-2009-0901, CVE-2009-2495, or CVE-2009-2493.
Note that only Internet Explorer plug-ins are vulnerable. Thus, people using Flash Player within the Firefox browser — as well as all other Windows-based browsers (that aren’t Internet Explorer) — are not vulnerable. Additionally, Flash Player and Shockwave Player on Macintosh, Linux and Solaris operating systems are not vulnerable.
Per the Shockwave Player Security Bulletin, this vulnerability has been patched in the latest version of Shockwave Player, which is now available for download (http://get.adobe.com/shockwave). Per the Security Advisory for Flash Player, this vulnerability will be patched in the scheduled July 30, 2009 update of Flash Player.
Users should consider installing MS09-034. As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls, such as Flash Player and Shockwave Player, that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035.
We will continue to provide updates on this issue via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.
A Security Bulletin has been posted for Shockwave Player. Adobe is not currently aware of any exploits in the wild for this issue.
This posting is provided “AS IS” with no warranties and confers no rights.
