Adobe patches nine critical Shockwave flaws

14 February 2012

Adobe shipped patches for nine critical vulnerabilities in Shockwave Player for Windows and Mac and a patch for an important vulnerability in RoboHelp.

The critical Shockwave flaws "could enable an attacker to run malicious code on the affected system", Adobe warned in a security update. The company advised users to update to the latest version of Shockwave.

The Shockwave security update resolves a heap overflow vulnerability that could lead to code execution (CVE-2012-0758) and eight memory corruption vulnerabilities that could lead to code execution (CVE-2012-0757, CVE-2012-0759, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766). 

Adobe acknowledged the help of Honggang Ren of Fortinet’s FortiGuard Labs and 'instruder' of Code Audit Labs in finding and fixing the Shockwave vulnerabilities.

For the RoboHelp vulnerability, a "specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word." Adobe thanked David Damstra of CU*Answers for reporting this flaw.

As reported by Infosecurity, Adobe plugged four critical memory corruption flaws in Shockwave last November.

That update plugged a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446); a memory corruption vulnerability that could lead to code execution (CVE-2011-2447); a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2448); and multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).
