
Adobe patches nine critical Shockwave flaws

The critical Shockwave flaws “could enable an attacker to run malicious code on the affected system”, Adobe warned in a security update. The company advised users to update to the latest version of Shockwave.

The Shockwave security update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758) and eight memory corruption vulnerabilities that could lead to code execution (CVE-2012-0757, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766). 

Adobe acknowledged the help of Honggang Ren of Fortinet’s FortiGuard Labs and 'instruder' of Code Audit Labs in finding and fixing the Shockwave vulnerabilities.

For the RoboHelp vulnerability, a “specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word.” Adobe thanked David Damstra of CU*Answers for reporting this flaw.

As reported by Infosecurity, Adobe plugged four critical memory corruption flaws in Shockwave last November.

That update plugged a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446); a memory corruption vulnerability that could lead to code execution (CVE-2011-2447); a memory corruption vulnerability in the DIRApi library that could lead to code execution (CVE-2011-2448); and multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).
