Infosecurity - Adobe issues patches for critical security holes in Shockwave

Adobe issued a security update that provides fixes for four critical memory corruption flaws in Shockwave Player for Windows and Mac operating systems.

The patches affect Shockwave Player 11.6.1.629 and earlier versions.

The update resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446); a memory corruption vulnerability that could lead to code execution (CVE-2011-2447); a memory corruption vulnerability in the DIRApi library that could lead to code execution (CVE-2011-2448); and multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

“These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system”, Adobe warned in its security bulletin.

Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions upgrade to the newest version 11.6.3.633.

“Shockwave is a much-targeted platform by malicious hackers because it runs on many systems that seek out rich media online. In October 2010, unknown assailants published attack code for a Shockwave Player vulnerability that could be used to take control of systems running Shockwave”, commented Paul Roberts with Kaspersky Lab.

Comment on this article

You must be registered and logged in to leave a comment about this article.

Share

Related Stories

Top 5 Stories

News

Adobe issues patches for critical security holes in Shockwave

Adobe issued a security update that provides fixes for four critical memory corruption flaws in Shockwave Player for Windows and Mac operating systems.

Comment on this article

Members' Login

Not a member?