Adobe issues patches for critical security holes in Shockwave

The patches address vulnerabilities in Shockwave Player 11.6.1.629 and earlier versions.

The update resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446); a memory corruption vulnerability that could lead to code execution (CVE-2011-2447); a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2448); and multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

“These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system”, Adobe warned in its security bulletin.

Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions upgrade to the newest version 11.6.3.633.

“Shockwave is a much-targeted platform by malicious hackers because it runs on many systems that seek out rich media online. In October 2010, unknown assailants published attack code for a Shockwave Player vulnerability that could be used to take control of systems running Shockwave”, commented Paul Roberts with Kaspersky Lab.
